PulsePatch.io

A critical vulnerability (CVE-2026-33557) in `Apache Kafka` OAUTHBEARER authentication may allow JWT bypass. Review configurations and apply patches when available. #Kafka #AuthN #InfoSec pulsepatch.io/posts/cve-2026…

rust-openssl has an incorrect bounds assertion in its AES key wrap, risking data integrity/confidentiality. #CVE-2026-41678 #rust #cryptography. Monitor for updates. pulsepatch.io/posts/cve-2026…

`OpenC3 COSMOS` has a critical SQL Injection flaw (GHSA-v529-vhwc-wfc5) in its `QuestDB` integration, risking data compromise. Review input validation and monitor for patches. #OpenC3COSMOS #SQLi #infosec pulsepatch.io/posts/openc3-c…

`OpenC3 COSMOS` contains a permissions bypass (GHSA-2wvh-87g2-89hr) via its Script Runner tool, granting unauthorized administrative action access. Monitor for official fixes. #OpenC3 #infosec #permissionsbypass pulsepatch.io/posts/ghsa-2wv…

`Pipecat` is vulnerable to remote code execution (CVE-2025-62373) via insecure Pickle deserialization in `LivekitFrameSerializer`. This allows for arbitrary code execution. #Pipecat #RCE #InfoSec pulsepatch.io/posts/cve-2025…

`OAuth2 Proxy` has an authentication bypass vulnerability (CVE-2026-40575) via `X-Forwarded-Uri` header spoofing, potentially leading to unauthorized access. Monitor for updates. #OAuth2Proxy #AuthBypass #infosec pulsepatch.io/posts/cve-2026…

A buffer overflow (CVE-2026-41676) affects `rust-openssl` when using `OpenSSL 1.1.1`, potentially causing DoS. Review usage of `Deriver::derive` and `PkeyCtxRef::derive`. #Rust #OpenSSL #infosec pulsepatch.io/posts/cve-2026…

A path traversal vulnerability (GHSA-r466-rxw4-3j9j) in `Evolver` allows arbitrary file writes via the `fetch` command's `--out` flag. Review input sanitization for `Evolver` commands. #PathTraversal #Evolver #InfoSec pulsepatch.io/posts/evolver-…

OpenC3 COSMOS is affected by GHSA-wgx6-g857-jjf7, allowing session token hijacking for password resets. This poses a persistence risk. Review session management. #OpenC3 #Infosec #AuthN pulsepatch.io/posts/ghsa-wgx…

A high-severity ServiceAccount token leak (GHSA-f9g8-6ppc-pqq4) affects `Kyverno`. If `apiCall`s are misconfigured, tokens can be exposed to external servers, risking #Kubernetes cluster compromise. Review your `Kyverno` policies. #InfoSec #CloudNative pulsepatch.io/posts/kyverno-…

`Kyverno`'s `apiCall` feature can expose ServiceAccount tokens (GHSA-8wfp-579w-6r25). Review policies to prevent credential leaks in #Kubernetes environments. #CloudNative #Security. pulsepatch.io/posts/kyverno-…

A service account token leak in `Kyverno` (CVE-2026-40868) via implicit bearer token injection impacts `apicall`/`servicecall`. Review `Kyverno` permissions. #Kubernetes #CloudNative #infosec pulsepatch.io/posts/cve-2026…

An RCE vulnerability (CVE-2026-25917) affects Apache Airflow, allowing code execution via crafted XCom payloads. Monitor for updates. #ApacheAirflow #RCE #infosec pulsepatch.io/posts/cve-2026…

The `openvpn-auth-oauth2` module is affected by `CVE-2026-41070`, allowing unauthenticated VPN access due to incorrect client-deny handling. Review configurations and monitor for updates. #OpenVPN #OAuth2 #infosec pulsepatch.io/posts/cve-2026…

`RClone` is affected by an unauthenticated remote command execution vulnerability (CVE-2026-41179) via operations/fsinfo. This allows attacker-controlled backend instantiation. #RClone #RCE #infosec pulsepatch.io/posts/cve-2026…

An unauthenticated auth bypass in `Rclone` (CVE-2026-41176) can lead to sensitive operations and command execution. Restrict network access to `Rclone` remote control interfaces. #Rclone #CVE #InfoSec pulsepatch.io/posts/cve-2026…

`CI4MS Backup::restore` is vulnerable to a Zip Slip flaw (CVE-2026-41202) leading to RCE. Validate archive inputs and run restore processes with least privilege. #infosec #RCE #Vulnerability pulsepatch.io/posts/cve-2026…

A critical Zip Slip vulnerability (CVE-2026-41203) affects CI4MS Theme's upload function, enabling remote code execution. Monitor for patch availability. #ZipSlip #RCE #infosec pulsepatch.io/posts/cve-2026…

A critical skip block quorum bypass (CVE-2026-33471) affects `nimiq-block` via out-of-range BitSet indices & u16 truncation. Monitor official `Nimiq` channels for updates. #Blockchain #Nimiq #Infosec pulsepatch.io/posts/cve-2026…

The `NornicDB` Bolt Server has an improper network binding (GHSA-2hp7-65r3-wv54) enabling unauthorized remote access. Review network configurations and access controls. #NornicDB #infosec #networksecurity pulsepatch.io/posts/ghsa-2hp…