366355 matches found
CVE-2026-48058
Nebula Mesh up to v0.3.1 is affected by a vulnerability where session and OIDC state cookies are created without the Secure attribute, allowing plaintext cookie exposure over a single HTTP request to a non-TLS origin. The issue resides in internal/web/session.go and internal/web/oidc.go (Login, S...
CVE-2026-11626
CVE-2026-11626 concerns the CleanWipe Removal Tool on macOS, affected prior to version 16.0.0.65. The vulnerability is described as a Local Privilege Escalation, allowing an attacker with limited privileges to raise privileges to administrative level. The available details indicate a local attack...
CVE-2026-48025
CVE-2026-48025 is reserved, but connected advisory GHSA-8H84-FHQQ-Q58V documents a concrete issue in nebula-mesh: decrypted CA private keys persist in process heap after signing due to CAManager not wiping, exposing memory contents. Affected: all released versions up to v0.3.6. Root cause: plaint...
CVE-2026-50639
Metric injection vulnerability in Metrics::Any::Adapter::SignalFx for Perl: versions before 0.04 do not protect against metric injections. The issue spans the StatsD protocol and its extensions (dogstatsd); per-packet metrics can include multiple metrics separated by newlines. The _labels functio...
CVE-2026-50638
CVE-2026-50638 affects Metrics::Any::Adapter::DogStatsd (Perl) versions before 0.04. The issue arises because the DogStatsd adapter does not validate newline or statsd control characters in tags, enabling potential metric injections when multiple metrics are sent per UDP/TCP packet. The vulnerabi...
CVE-2026-50637
The CVE concerns Metrics::Any::Adapter::Statsd (Perl) prior to v0.04, where the send path did not validate metric names/values, allowing metric injections when names contain newlines and statsd control characters (colon, pipe). This vulnerability affects Metrics::Any::Adapter::Statsd and related ...
CVE-2026-10740
CVE-2026-10740 affects s2n-quic prior to version 1.8.2, where an unbounded memory allocation in the CRYPTO frame reassembler can allow an unauthenticated remote actor to trigger a denial of service (degraded availability) by sending crafted QUIC Initial packets. The vulnerability is triggered dur...
CVE-2026-46642
CVE-2026-46642 affects draw.io prior to 29.7.12. A crafted .drawio file can execute arbitrary JavaScript in the editor’s origin when opened. The root cause is a feature-detection routine in the Text Format panel that reads the raw cell label and assigns it to a detached element’s innerHTML withou...
CVE-2026-11417
OS command injection in the NodejsFunction local bundling pipeline of aws-cdk-lib (pre-2.245.0; 2.246.0 on Windows) allows a threat actor who controls bundling properties (externalModules, define, loader, inject, esbuildArgs) to execute arbitrary commands on the host running the CDK toolchain via...
CVE-2026-45062
CVE-2026-45062 affects FrankenPHP (versions 1.11.2–1.12.2). The vulnerability arises in the CGI path splitting logic (splitPos in cgi.go), where fallback matching uses golang.org/x/text/search with ignore-case, and engages when the request path contains non-ASCII bytes. Two flaws enable an attack...
CVE-2026-50570
Fission prior to v1.25.0 allowed tenant-created Function/Environment CRDs to request securityContext.capabilities.add: ["SYS_TIME"] despite a fixed denylist (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The validation/merge-layer sanitization did not block CAP_SYS...
CVE-2026-50569
The CVE concerns Fission (Kubernetes-native serverless framework). Before version 1.25.0, HTTPTriggerSpec.Validate() checked Methods, FunctionReference, Host, IngressConfig, and CorsConfig but silently skipped RelativeURL and Prefix; these fields were only validated at the CLI. As a result, an HT...
CVE-2026-50568
Fission (Kubernetes-native serverless framework) has a lexical path check vulnerability in SanitizeFilePath (pkg/utils/utils.go) that used strings.HasPrefix(path, safedir) instead of a directory-boundary check. This allowed a sibling directory escape (e.g., /packages-extra/evil under /packages) t...
CVE-2026-50567
CVE-2026-50567 affects Fission prior to 1.25.0. The vulnerability resides in Unarchive (pkg/utils/zip.go) where archive entry paths are joined with the destination path without validating that the final path stays under the destination. An attacker who can control a Package.Spec.Source.URL or Dep...
CVE-2026-50566
Fission prior to v1.24.0 is affected: a tenant with environments.fission.io create/update RBAC could run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor’s high-privilege service account. This enable...
CVE-2026-50565
CVE-2026-50565 affects Fission (Kubernetes-native serverless framework). Before v1.24.0, builder pods were created with ServiceAccountName: fission-builder and AutomountServiceAccountToken was not disabled, causing the kubelet to auto-mount the service-account token into every container in the po...
CVE-2026-50564
CVE-2026-50564 concerns Fission’s Environment CRD prior to version 1.24.0, where spec.runtime.podSpec and spec.builder.podSpec were merged into runtime/builder pod specs without filtering. This allowed propagation of hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from...
CVE-2026-50563
Fission before v1.24.0 allows a tenant to supply Function.spec.podspec, which is merged into the executor-built podspec and used to create a Deployment for the user’s container image. This directly explains the root cause of the listed vulnerability and aligns with the patched state in v1.24.0. T...
CVE-2026-50545
Fission (Kubernetes-native serverless) prior to version 1.24.0 allowed Environment.spec.runtime.podSpec and spec.builder.podSpec passthrough without validation, and MergePodSpec could propagate dangerous fields into generated pods. This CVE—CVE-2026-50545—describes a PodSpec injection with potent...
CVE-2026-49824
Fission (Kubernetes-native serverless framework) prior to v1.24.0 allowed a cross-namespace environment reference via the Function admission webhook because spec.environment.namespace was not validated, unlike spec.secrets[].namespace and spec.configmaps[].namespace. The issue affects the Functio...
CVE-2026-47701
OpenTelemetry Operator for Kubernetes (OpenTelemetry Operator) CVE-2026-47701 is substantiated by a connected advisory: the TargetAllocator in cmd/otel-allocator reads a ServiceMonitor bearerTokenFile and propagates it as HTTP Authorization.CredentialsFile into the scrape config, allowing a tenan...
CVE-2026-49823
Summary : CVE-2026-49823 affects Fission (Kubernetes-native serverless framework). Before version 1.24.0, the PackageRef.Namespace in a Fission Function spec was not validated by the admission webhook (unlike Secret/ConfigMap). This allowed cross-namespace access via an unvalidated Package refere...
CVE-2026-49822
CVE-2026-49822 affects the Fission framework (Kubernetes-native serverless) prior to version 1.24.0. A low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace could establish a persistent surveillance channel into other namespaces, enabling cross-namespace e...
CVE-2026-49821
Fission (Kubernetes-native serverless framework) prior to v1.24.0 is affected where the buildermgr controller processed Package CRDs without validating that Package.spec.environment.namespace equals Package.metadata.namespace. This cross-namespace environment reference could enable build-time com...
CVE-2026-46618
CVE-2026-46618 affects Fission before v1.23.0: pkg/builder/builder.go passed Environment.spec.builder.command directly to exec.Command after strings.Fields, with no validation of the executable path or arguments. A user with Environment CRD privileges in a namespace could point the builder pod to...
CVE-2026-46617
CVE-2026-46617 (Fission) affects Fission runtimes prior to v1.23.0. The runtime pod was created with ServiceAccountName: fission-fetcher, which had namespace-wide get permissions on secrets and configmaps. The automounted token was accessible inside user function containers at /var/run/secrets/ku...
CVE-2026-46612
Fission StorageSvc exposes archive CRUD endpoints (/v1/archive and /v1/archives) on the HTTP router without authentication prior to v1.23.0, allowing any caller within the same Kubernetes cluster to enumerate archive IDs, download archives from other tenants, upload arbitrary content, and delete ...
CVE-2026-46614
CVE-2026-46614 affects Fission router prior to v1.23.0, where internal routes /fission-function/ and /fission-function// were registered on the same public listener as HTTPTriggers. This allowed any caller that could reach the router to invoke any Function by guessing metadata.name/namespace, byp...
CVE-2026-20258
This CVE concerns Stored XSS in Splunk Enterprise and Splunk Cloud Platform via a classic dashboard HTML panel. A low-privileged user (not admin/power roles) can store a malicious script that executes in another user’s browser, triggered by a phishing-like action to initiate a request. Affected v...
CVE-2026-20253
Summary: CVE-2026-20253 affects Splunk Enterprise and Splunk Cloud Platform due to an unauthenticated PostgreSQL sidecar service endpoint that can create or truncate arbitrary files when exposed on the network. Affected software/versions (per sources): Splunk Enterprise < 10.2.4 and < 10.0....
CVE-2026-20260
In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker can inject ANSI escape codes into SOAR logs via specially crafted HTTP request paths. The root cause is that SOAR does not strip control characters from HTTP request paths before wr...
CVE-2026-20252
Splunk Enterprise and Splunk Cloud Platform are affected by CVE-2026-20252 due to an SSRF in Dashboard Studio PDF export. A low-privilege user (not admin/power role) can cause server-side requests to arbitrary internal destinations by abusing the PDF export feature. Root cause: trusted-domain val...
CVE-2026-20257
CVE-2026-20257 affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privileged user without admin/power roles can craft a classic dashboard that exfiltrates sensitive data from the...
CVE-2026-20259
CVE-2026-20259 affects Splunk Enterprise (below 10.2.4 and below 10.0.7) and Splunk Cloud Platform (below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, 9.3.2411.131). A user with the high-privilege capability edit_saved_search_owner can reassign saved search ownership to us...
CVE-2026-20251
CVE-2026-20251 affects Splunk Enterprise (versions below 10.2.4/10.0.7/9.4.12/9.3.13), Splunk Cloud Platform (below 10.3.2512.12/10.2.2510.14/10.1.2507.22/9.3.2411.132), and Splunk Secure Gateway (below 3.10.6/3.9.20/3.8.67). A low-privileged user (not admin/power) can achieve Remote Code Executi...
CVE-2026-20255
The CVE-2026-20255 issue affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privilege user can craft a malicious classic dashboard to exfiltrate sensitive data to an external ser...
CVE-2026-20254
The affected products are Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132. A low-privileged user (not admin/power) can craft a malicious classic dashboard that exfiltrates sens...
CVE-2026-20256
Splunk Enterprise (versions < 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (versions
CVE-2026-11596
Affected software: ScreenConnect™ (before version 26.2). The vulnerability concerns input validation in the Host Pass creation flow, where an authenticated user with Host Pass creation privileges could set a delegated access token expiration longer than the intended maximum. Impact, as described,...
CVE-2026-47253
CVE-2026-47253 (via Connected GHSA-J9RX-RPPG-6HH4) describes a path traversal in AnyQuery’s clear_plugin_cache(plugin) function. The code passes a caller-supplied plugin argument to path.Join and then os.RemoveAll, with only an empty-string guard, allowing an attacker to craft a plugin value that...
CVE-2026-9151
The CVE-2026-9151 entry describes a command-injection in the VPN module of TP-Link Archer routers (AX12 v1, AX17 v1, AX18 v1, AX1300 v1.6). The root cause is improper filtering of special characters, enabling an adjacent, authenticated attacker to inject commands by importing a specially crafted ...
CVE-2026-46609
CVE-2026-46609 affects Umbraco CMS (ASP.NET). From 14.0.0 up to before 17.4.0, authenticated users can inject HTML into an input field, which is rendered in the backoffice confirmation dialog without proper output encoding, enabling a Cross‑Site Scripting (XSS) vector. The issue is mitigated by u...
CVE-2026-46616
Umbraco CMS (ASP.NET) contains an Open Redirect vulnerability in Surface Controllers used for member-related operations. Prior to versions 13.14.0 and 17.4.0, redirect URL validation fails for RedirectUrl supplied via user-controlled query parameters, allowing Razor templates to derive RedirectUr...
CVE-2026-46497
CVE-2026-46497 affects Crawlee (Python) from 1.0.0 up to before 1.7.0. An attacker-controlled sitemap or robots.txt can cause SSRF to internal HTTP endpoints (Layer 1) via sitemap-derived URLs, potentially affecting internal services. A second Layer (Layer 2) exists for CurlImpersonateHttpClient ...
CVE-2026-46558
Plane is an open-source project management tool. The CVE-2026-46558 issue exists in versions prior to 1.3.1 and is a cross-workspace asset authorization bypass that allowed any authenticated user to read, copy, delete, and overwrite assets in other Plane workspaces. This indicates a loss of acces...
CVE-2026-45569
Roxy-WI path-traversal patch in commit d4d10006 uses a tuple-membership check, which can bypass common ../../ payloads; no publicly available patches yet.
CVE-2026-45567
Roxy-WI is a web interface for managing HAProxy, Nginx, Apache and Keepalived. In versions 8.2.6.4 and prior, there is an authentication bypass via the URL containing the substring 'api' and an unauthenticated /api/gpt path. The CVSS v3.1 base score is 8.3 (HIGH) with NETWORK attack vector and no...
CVE-2026-45566
Roxy-WI unauthenticated login flow flaw (affecting 8.2.6.4 and prior) allows an open redirect via the next parameter. The code rejects strings containing https:// or http:// but then builds https://{request.host}{next_url} and redirects with window.location.replace(), not accounting for userinfo@...
CVE-2026-45565
CVE-2026-45565 affects Roxy-WI up to 8.2.6.4. The issue lies in the EscapedString Pydantic validator (app/modules/roxywi/class_models.py:16-30): its if/elif/else path strips metacharacters but does not apply the surrounding .. block, allowing an attacker to append a single ;, &, |, $, or ` to a p...
CVE-2026-48096
OpenFGA: The CVE affects the OpenFGA authorization engine prior to v1.16.0 due to an issue with iterator caching where two distinct check requests could produce the same cache key, causing reuse of an earlier cached result. The root cause is described as a cache-key issue in the shared-iterator a...