33227 matches found
Distribution's tag deletion bypasses `storage.delete.enabled` configuration
Summary Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details When storage.delete.enabled is configured to false,...
OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs
Summary Exec allowlist analysis rejects shell expansion in unquoted heredocs Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact An allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body...
OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens
Summary MCP loopback owner context is derived from server-issued bearer tokens. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact The loopback MCP path accepted spoofable owner-context metadata from request headers, which could...
OpenClaw: Workspace dotenv files cannot override connector endpoint hosts
Summary Workspace dotenv files cannot override connector endpoint hosts. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or...
OpenClaw's ACP child sessions inherit subagent security envelope constraints
Summary ACP child sessions inherit subagent security envelope constraints. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A restricted subagent spawning an ACP child session could fail to carry forward subagent-only...
OpenClaw validates Zalo outbound photo URLs through the SSRF guard
Summary Zalo outbound photo URLs are validated through the SSRF guard. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact The Zalo plugin could forward an attacker-controlled outbound photo URL to the Zalo Bot API without first...
Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)
Impact Processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. Patches Patched version: 12.2.0 Pillow 12.1.1 addressed CVE-2026-25990 by adding checks for tile extents in PSD image decoding/encoding to prevent an out-of-bounds...
Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
Impact An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. Patches Patched version: 12.2.0. PdfParser introduced in Pillow 4.2.0 follows Prev pointers in PDF trailers to read cross-reference sections. If ...
Pillow has an integer overflow when processing fonts
If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed...
Pillow has a heap buffer overflow with nested list coordinates
Passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to...
pyp2spec is Vulnerable to Code Injection
Impact pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...
Argo vulnerable to exposure of artifact repository credentials
Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...
Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
The fix for CVE-2026-31892 commit 534f4ff blocks podSpecPatch when templateReferencing: Strict is active, but doesn't restrict other WorkflowSpec fields that flow through the same merge path and get applied to pods. A user can set hostNetwork: true, override serviceAccountName, or change...
Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
Severity: Medium Component: Webhook Interceptor server/auth/webhook Vulnerability Type: Denial of Service DoS Description The Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the /api/v1/events/ endpoint,...
Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)
Summary A nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSODELEGATERBACTONAMESPACE=true. Details When getServiceAccountclaims, ssoNamespace...
Argo has Missing Authorization in its Sync ConfigMap Provider
Summary The Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read, update, delete. Any authenticated user — including those using fake Bearer tokens — can create, read, update, and delete Kubernetes ConfigMaps...
Kirby CMS's system API endpoint leaks installed version and license data to authenticated users
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. ---- Introduction Missing authorization allows authenticated users to perform actions they are not intended to have access to. The effects of missing authorization can...
Kirby CMS doesn't gate user avatar creation, replacement and deletion with user update permissions
TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to update user information user.update or users.update permission is disabled. This can be due to configuration in the blueprints of the acting users, via options in the blueprints of the target...
Kirby CMS's read access to site, user and role information is not gated by permissions
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. This vulnerability is of high severity for affected sites. Sites using Kirby are not affected if they intend all users of the site to be able to list and access the site...
Incus is affected by unbounded binary import disk exhaustion
Summary Uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and storage.backupsvolume as those users will have large uploads be stored on those...
Incus has Nil Dereferences on Restore via Malformed YAML
Summary Details It was found that backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid inline config that passes the initial import...
Incus has Unbounded YAML Metadata Decode via Parsing
Summary User provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when parsed by Incus would lead to a very large YAML document being loaded int...
Incus has Nil-Pointer Dereference via S3 Bucket Import
Summary Missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. Details It was found that TransferManager.UploadAllFiles iterates over tar entries but only checks for io.EOF from tr.Next. When tr.Next...
Kata Container has CopyFile Policy Subversion via Symlinks
Summary An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. Details...
OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange
Impact The ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The VelocityEngine is initialized with only logging properties and noSecureUberspector, leaving the default...
Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service
Summary There is a medium severity information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the original request's complete header set, including Authorization, Cookie,...
Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move
Summary Gotenberg blocks certain ExifTool tag names like FileName and Directory to stop attackers from renaming or moving files on the server. But ExifTool allows a longer form of the same tag — System:FileName — which does the exact same thing. Gotenberg only checks if the tag is exactly FileNam...
Incus Vulnerable to Panic via Snapshot Bounds Check
Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The backup restore...
Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots
Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...
Apache Polaris has an Improper Input Validation issue
In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...
Apache Polaris has an Improper Input Validation Issue
Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...
Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest
Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...
Apache Polaris has an Improper Input Validation Issue
Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...
Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: Before 2.5.9 Before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...
Apache Polaris has an Improper Input Validation issue
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...
Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
GoBGP has an out-of-bounds read in the ParseIP6Extended function
An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
Apache Atlas has a Code Injection Vulnerability
Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...
Incus has a Nil-Pointer Dereference via Custom Volume Import
Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The custom volume...
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
Summary Missing validation logic in the storage bucket import logic allows an authenticated user with access to Incus' storage bucket feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The storage bucket...
OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip)
Affected Versions version ≤ 2.7.8 latest version at time of disclosure https://github.com/openmrs/openmrs-core Impact The endpoint POST /openmrs/ws/rest/v1/module is vulnerable to a path traversal Zip Slip attack. An authenticated attacker can upload a crafted .omod archive containing ZIP entries...
Quarkus has Authentication/Authorization bypasses
Quarkus version 3.32.4 is vulnerable to an authorization bypass issue GHSL-2026-099, in which semicolons matrix parameters in HTTP requests can be used to bypass security constraints, potentially allowing unauthorized access to protected resources. Unauthenticated or lower-privileged users can...
OpenMRS ModuleResourcesServlet has Path Traversal that Leads to Arbitrary File Read
Affected Versions version ≤ 2.7.8 latest version at time of disclosure https://github.com/openmrs/openmrs-core Impact The /openmrs/moduleResources/moduleid endpoint in OpenMRS Core is vulnerable to a path traversal attack. The ModuleResourcesServlet does not properly validate user-supplied path...
Incus has Blind SSRF via Image Import Preflight HEAD
Summary A partial implementation of our restricted.images.servers project restriction allows users in such restricted projects to still cause Incus to send HEAD requests to arbitrary endpoints. The actual image download will be rejected by the project restriction, but the ability to trigger...
OpenClaw: Slack thread context could include messages from non-allowlisted senders
Summary Before OpenClaw 2026.4.2, Slack thread starter and thread-history context fetched through the API was not filtered by the effective sender allowlist. Messages from non-allowlisted senders could still enter the agent context when an allowlisted user replied in the same thread. Impact A Sla...
VM2 Sandbox Breakout Through __lookupGetter__
Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The lookupGetter method allows to read the getter of an object. It is special in VM2 since it will switch...
jOpenDocument has an improper restriction of XML external entity reference vulnerability
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...
Ollama contains a heap out-of-bounds read vulnerability in the GGUF model loader
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...
GoBGP has Improper Restriction of Operations within the Bounds of a Memory Buffer
A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...
GoBGP has an Integer Underflow Issue
A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...