π¨ CVE-2019-25716
DrΓ€ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
π@cveNotify
DrΓ€ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
π@cveNotify
Draeger
DrΓ€ger Security | Coordinated Disclosure Statement
DrΓ€ger Product Security - Coordinated Disclosure Statement. Here's how you can report a security or privacy vulnerability to DrΓ€ger.
π¨ CVE-2025-22424
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
π@cveNotify
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
π@cveNotify
π¨ CVE-2025-22426
In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
π@cveNotify
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
π@cveNotify
GitHub
CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs Β· Issue #97076 Β· kubernetes/kubernetes
CVSS Rating: Medium (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) This issue affects multitenant clusters. If a potential attacker can already create or edit services and pods, then they may be ab...
π¨ CVE-2020-8561
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
π@cveNotify
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
π@cveNotify
GitHub
CVE-2020-8561: Webhook redirect in kube-apiserver Β· Issue #104720 Β· kubernetes/kubernetes
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver ...
π¨ CVE-2021-25740
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
π@cveNotify
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
π@cveNotify
GitHub
CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding Β· Issue #103675 Β· kubernetes/kubernetes
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. This issue has bee...
π¨ CVE-2020-8562
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.
π@cveNotify
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.
π@cveNotify
GitHub
CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU Β· Issue #101493 Β· kubernetes/kubernetes
CVSS Rating: Low (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N) A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes contr...
π¨ CVE-2025-48595
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2026-0091
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2026-48545
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a parent-domain cookie that the shared client stores and automatically replays into all subsequent proxy requests to other legitimate Spaces, affecting all users of the same Gradio deployment.
π@cveNotify
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a parent-domain cookie that the shared client stores and automatically replays into all subsequent proxy requests to other legitimate Spaces, affecting all users of the same Gradio deployment.
π@cveNotify
GitHub
fix(security): isolate /proxy= cookie jars across Spaces (GHSA-2mr9-9β¦ Β· gradio-app/gradio@feb7237
β¦r47-px2g) (#13384)
* fix(security): isolate /proxy= cookie jars (GHSA-2mr9-9r47-px2g)
The module-level `httpx.AsyncClient` shared by the `/proxy=` reverse
proxy persists `Set-Cookie` headers fro...
* fix(security): isolate /proxy= cookie jars (GHSA-2mr9-9r47-px2g)
The module-level `httpx.AsyncClient` shared by the `/proxy=` reverse
proxy persists `Set-Cookie` headers fro...
π¨ CVE-2025-55664
A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
GitHub
Fixed #3310 Β· gpac/gpac@9bd6a72
GPAC Ultramedia OSS for Video Streaming & Next-Gen Multimedia Transcoding, Packaging & Delivery - Fixed #3310 Β· gpac/gpac@9bd6a72
π¨ CVE-2025-60481
A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
π@cveNotify
A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
π@cveNotify
GitHub
fix several ac4 fuzzing issues: Β· gpac/gpac@e02d1fd
- ossfuzz issues 431448397, 431452248, 431448415, 431836200
- autofuzz bugs ref hY44lXy4bSOybg, TxWvZRk8AD8y7g
- fixes #3297, fixes #3296, fixes #3295, fixes #3293, fixes #3292, fixes #3291, fixes ...
- autofuzz bugs ref hY44lXy4bSOybg, TxWvZRk8AD8y7g
- fixes #3297, fixes #3296, fixes #3295, fixes #3293, fixes #3292, fixes #3291, fixes ...
π¨ CVE-2025-60483
A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
π@cveNotify
A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
π@cveNotify
GitHub
more ac4 and fuzzing fixes: Β· gpac/gpac@13eb5b7
- fixes #3301, fixes #3302, #3303
- autofuzz ref bsYSHNFQpzEF8w
- autofuzz ref bsYSHNFQpzEF8w
π¨ CVE-2025-60485
A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
GitHub
minor mem issues (fixes #3323, fixes #3325) Β· gpac/gpac@4860a1a
GPAC Ultramedia OSS for Video Streaming & Next-Gen Multimedia Transcoding, Packaging & Delivery - minor mem issues (fixes #3323, fixes #3325) Β· gpac/gpac@4860a1a
π¨ CVE-2025-60486
A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.
π@cveNotify
A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.
π@cveNotify
GitHub
fix some memory issues Β· gpac/gpac@e6d0182
closes #3314, closes #3320, closes #3321
fixes autofuzz bug N7jC-gq0MTkg4g
fixes autofuzz bug N7jC-gq0MTkg4g
π¨ CVE-2026-24425
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally.
π@cveNotify
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the runtime check that fails to use the current template source to bypass sandbox restrictions and execute arbitrary code when the sandbox is enabled through a source policy rather than globally.
π@cveNotify
GitHub
Release v3.26.0 Β· twigphp/Twig
Changelog (v3.25.0...v3.26.0)
security #cve-2026-46627 Document that the sandbox doesn't protect against resource exhaustion (@fabpot)
security #cve-2026-46628 Pre-escape HTML input on the spa...
security #cve-2026-46627 Document that the sandbox doesn't protect against resource exhaustion (@fabpot)
security #cve-2026-46628 Pre-escape HTML input on the spa...
π¨ CVE-2026-28764
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
π@cveNotify
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
π@cveNotify
π¨ CVE-2026-9617
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version. With PostgreSQL 15 and later, the creation permission on the public schema is revoked by default and this exploit can only be achieved by a user who was explicitly granted the CREATE TABLE privilege. The problem is resolved in PostgreSQL Anonymizer 3.1.0 and further versions
π@cveNotify
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version. With PostgreSQL 15 and later, the creation permission on the public schema is revoked by default and this exploit can only be achieved by a user who was explicitly granted the CREATE TABLE privilege. The problem is resolved in PostgreSQL Anonymizer 3.1.0 and further versions
π@cveNotify
GitLab
SQL injection in postgresql_anonymizer anon.k_anonymity() (#640) Β· Issues Β· dalibo / PostgreSQL Anonymizer Β· GitLab
Affected: postgresql_anonymizer 2.5.1 Function: anon.k_anonymity(regclass) Column names from anon.pg_identifiers are aggregated with string_agg(attname, ',') and inserted into a dynamic GROUP BY...
π¨ CVE-2026-9149
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
π@cveNotify
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).
π@cveNotify
π¨ CVE-2026-2734
In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registered models, regardless of their permission level. The issue arises due to the absence of `SearchModelVersions` in the `BEFORE_REQUEST_VALIDATORS` and `AFTER_REQUEST_HANDLERS` for the REST API, and its omission from `GraphQLAuthorizationMiddleware.PROTECTED_FIELDS` for GraphQL. This vulnerability can expose sensitive information such as model names, version descriptions, source URIs, tags, and other metadata, potentially revealing proprietary or confidential details in multi-tenant environments. The issue is resolved in version 3.10.0.
π@cveNotify
In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registered models, regardless of their permission level. The issue arises due to the absence of `SearchModelVersions` in the `BEFORE_REQUEST_VALIDATORS` and `AFTER_REQUEST_HANDLERS` for the REST API, and its omission from `GraphQLAuthorizationMiddleware.PROTECTED_FIELDS` for GraphQL. This vulnerability can expose sensitive information such as model names, version descriptions, source URIs, tags, and other metadata, potentially revealing proprietary or confidential details in multi-tenant environments. The issue is resolved in version 3.10.0.
π@cveNotify
GitHub
Add model version search filtering based on user permissions (#20964) Β· mlflow/mlflow@6989066
Signed-off-by: Tomu Hirata <tomu.hirata@gmail.com>
π¨ CVE-2026-45043
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user (minioadmin). The endpoint accepts attacker-controlled parent, claims, accessKey, and secretKey values without enforcing privilege boundaries or sanitization. This enables privilege escalation to full administrative access using a persistent, attacker-defined credential. This vulnerability is fixed in 1.0.0-beta.2.
π@cveNotify
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user (minioadmin). The endpoint accepts attacker-controlled parent, claims, accessKey, and secretKey values without enforcing privilege boundaries or sanitization. This enables privilege escalation to full administrative access using a persistent, attacker-defined credential. This vulnerability is fixed in 1.0.0-beta.2.
π@cveNotify
GitHub
ImportIam Allows Creation of Backdoor Service Accounts Under Any Parent Including Root
## Summary
Improper validation in the `PUT /rustfs/admin/v3/import-iam` endpoint allows a user with `ImportIAMAction` to create service accounts under arbitrary parent identities, including the ...
Improper validation in the `PUT /rustfs/admin/v3/import-iam` endpoint allows a user with `ImportIAMAction` to create service accounts under arbitrary parent identities, including the ...