|
1211
|
- |
|
-
|
-
|
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico d…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41184
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1212
|
8.6 |
HIGH
Local
|
-
|
-
|
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or…
|
CWE-78
OS Command
|
CVE-2026-44461
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1213
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowliste…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-44462
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1214
|
8.6 |
HIGH
Local
|
-
|
-
|
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g.,…
|
CWE-78
CWE-184
OS Command
Incomplete Blacklist
|
CVE-2026-44463
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1215
|
- |
|
-
|
-
|
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, t…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41185
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1216
|
8.6 |
HIGH
Local
|
-
|
-
|
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allow…
|
CWE-78
OS Command
|
CVE-2026-44465
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1217
|
8.2 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and dis…
|
CWE-862
Missing Authorization
|
CVE-2026-42083
|
2026-05-29 03:40 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1218
|
7.7 |
HIGH
Network
|
-
|
-
|
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API…
|
CWE-284
Improper Access Control
|
CVE-2026-45296
|
2026-05-29 03:40 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1219
|
- |
|
-
|
-
|
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. ProjectAuthorizer.__call__ (OSS…
|
CWE-285
CWE-639
CWE-863
Improper Authorization
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-45297
|
2026-05-29 03:40 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1220
|
9.6 |
CRITICAL
Network
|
-
|
-
|
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user…
|
CWE-94
Code Injection
|
CVE-2026-45311
|
2026-05-29 03:40 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
