CWE-653
AllowedImproper Isolation or Compartmentalization
Abstraction: Class · Status: Draft
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
101 vulnerabilities reference this CWE, most recent first.
GHSA-MGVX-RPFC-9MPV
Vulnerability from github – Published: 2025-03-25 00:30 – Updated: 2026-02-04 21:49A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/ingress-nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/ingress-nginx"
},
"ranges": [
{
"events": [
{
"introduced": "1.12.0-beta.0"
},
{
"fixed": "1.12.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-1974"
],
"database_specific": {
"cwe_ids": [
"CWE-653"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-25T15:10:14Z",
"nvd_published_at": "2025-03-25T00:15:14Z",
"severity": "CRITICAL"
},
"details": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
"id": "GHSA-mgvx-rpfc-9mpv",
"modified": "2026-02-04T21:49:40Z",
"published": "2025-03-25T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1974"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/131009"
},
{
"type": "WEB",
"url": "https://github.com/B1ack4sh/Blackash-CVE-2025-1974"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubernetes/ingress-nginx"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/2qa9DFtN0cQ"
},
{
"type": "WEB",
"url": "https://https://github.com/kubernetes/kubernetes/issues/131009"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250328-0008"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/52475"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "ingress-nginx admission controller RCE escalation"
}
GHSA-P5GP-JV8C-QR96
Vulnerability from github – Published: 2025-06-23 21:31 – Updated: 2025-06-23 21:31Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.
{
"affected": [],
"aliases": [
"CVE-2025-5476"
],
"database_specific": {
"cwe_ids": [
"CWE-653"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-21T01:15:28Z",
"severity": "MODERATE"
},
"details": "Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.",
"id": "GHSA-p5gp-jv8c-qr96",
"modified": "2025-06-23T21:31:46Z",
"published": "2025-06-23T21:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5476"
},
{
"type": "WEB",
"url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-357"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PC23-5PPW-9J7M
Vulnerability from github – Published: 2026-06-16 15:33 – Updated: 2026-07-15 12:31Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
{
"affected": [],
"aliases": [
"CVE-2026-12295"
],
"database_specific": {
"cwe_ids": [
"CWE-653",
"CWE-693"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-16T13:16:29Z",
"severity": "CRITICAL"
},
"details": "Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.",
"id": "GHSA-pc23-5ppw-9j7m",
"modified": "2026-07-15T12:31:49Z",
"published": "2026-06-16T15:33:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12295"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-61"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-60"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-59"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12295.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489226"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2040160"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-12295"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39706"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39428"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39142"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39141"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39011"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38753"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38751"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38750"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38506"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37391"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37210"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36103"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36102"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36101"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36100"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33445"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30846"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29940"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27734"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27733"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27717"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PFV4-WMPH-5GC6
Vulnerability from github – Published: 2026-02-09 09:30 – Updated: 2026-02-12 03:09Impact
Critical Sandbox Escape & Server Takeover:
A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime (Pyodide) and the host JavaScript environment.
The runPython and runPythonAsync functions execute Python code using Pyodide without restricting access to the JavaScript bridge. This allows any executed Python code—whether from a user or an AI model—to access the js module in Pyodide. Through this bridge, the Python code can modify the global JavaScript environment, interact with the Node.js process, and alter the behavior of the MCP server.
Specific Attack Vector: MCP Tool Shadowing Because the Python code can modify the JS runtime, an attacker can dynamically overwrite or "shadow" existing MCP tools registered on the server. For example, an attacker could replace a secure file-reading tool with a malicious version that exfiltrates data to an external server, all while the MCP server appears to be functioning normally.
Patches
No Patch Available:
The mcp-run-python project is currently archived and maintainers have indicated it is unlikely to receive a fix.
Recommendation: Users are strongly advised to immediately stop using this package. If functionality is required, users must migrate to a maintained alternative that implements proper sandboxing (e.g., running Python in a Docker container or a restricted WASM environment with the JS bridge disabled).
Workarounds
There are no configuration-based workarounds. Securing the environment requires modifying the source code to disable the Pyodide-to-JS bridge or moving the execution environment to a fully isolated sandbox (e.g., a separate container).
Resources
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mcp-run-python"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25905"
],
"database_specific": {
"cwe_ids": [
"CWE-653"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-12T03:09:38Z",
"nvd_published_at": "2026-02-09T09:16:34Z",
"severity": "MODERATE"
},
"details": "### Impact\n**Critical Sandbox Escape \u0026 Server Takeover:**\nA critical security vulnerability exists in `mcp-run-python` due to a lack of isolation between the Python runtime (Pyodide) and the host JavaScript environment.\n\nThe `runPython` and `runPythonAsync` functions execute Python code using Pyodide without restricting access to the JavaScript bridge. This allows any executed Python code\u2014whether from a user or an AI model\u2014to access the `js` module in Pyodide. Through this bridge, the Python code can modify the global JavaScript environment, interact with the Node.js process, and alter the behavior of the MCP server.\n\n**Specific Attack Vector: MCP Tool Shadowing**\nBecause the Python code can modify the JS runtime, an attacker can dynamically overwrite or \"shadow\" existing MCP tools registered on the server. For example, an attacker could replace a secure file-reading tool with a malicious version that exfiltrates data to an external server, all while the MCP server appears to be functioning normally.\n\n### Patches\n**No Patch Available:**\nThe `mcp-run-python` project is currently **archived** and maintainers have indicated it is unlikely to receive a fix.\n\n**Recommendation:**\nUsers are strongly advised to **immediately stop using** this package.\nIf functionality is required, users must migrate to a maintained alternative that implements proper sandboxing (e.g., running Python in a Docker container or a restricted WASM environment with the JS bridge disabled).\n\n### Workarounds\nThere are no configuration-based workarounds. Securing the environment requires modifying the source code to disable the Pyodide-to-JS bridge or moving the execution environment to a fully isolated sandbox (e.g., a separate container).\n\n### Resources\n* [CVE-2026-25905](https://nvd.nist.gov/vuln/detail/CVE-2026-25905)\n* [JFrog Security Analysis: MCP Takeover](https://research.jfrog.com/vulnerabilities/mcp-run-python-lack-of-isolation-mcp-takeover-jfsa-2026-001653030)",
"id": "GHSA-pfv4-wmph-5gc6",
"modified": "2026-02-12T03:09:38Z",
"published": "2026-02-09T09:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25905"
},
{
"type": "PACKAGE",
"url": "https://github.com/pydantic/mcp-run-python"
},
{
"type": "WEB",
"url": "https://research.jfrog.com/vulnerabilities/mcp-run-python-lack-of-isolation-mcp-takeover-jfsa-2026-001653030"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "MCP Run Python has a Sandbox Escape \u0026 Server Takeover Vulnerability"
}
GHSA-PQ55-R4G8-R76Q
Vulnerability from github – Published: 2024-11-09 00:30 – Updated: 2025-03-24 18:30vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c.
{
"affected": [],
"aliases": [
"CVE-2024-35425"
],
"database_specific": {
"cwe_ids": [
"CWE-653",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-08T22:15:16Z",
"severity": "MODERATE"
},
"details": "vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c.",
"id": "GHSA-pq55-r4g8-r76q",
"modified": "2025-03-24T18:30:44Z",
"published": "2024-11-09T00:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35425"
},
{
"type": "WEB",
"url": "https://github.com/andoma/vmir/issues/19"
},
{
"type": "WEB",
"url": "https://gist.github.com/haruki3hhh/c64ff6431c71be1b08e15d4ff480ce6b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQFH-XH7W-7H3P
Vulnerability from github – Published: 2024-09-03 20:13 – Updated: 2024-09-03 21:45Impact
The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost (BMH) CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespace of the Secret, meaning that the baremetal-operator will read a Secret from any namespace. A user with access to create or edit a BareMetalHost can thus exfiltrate a Secret from another namespace by using it as e.g. the userData for provisioning some host (note that this need not be a real host, it could be a VM somewhere).
Limiting factors
BMO will only read a key with the name value (or userData, metaData, or networkData), so that limits the exposure somewhat. value is probably a pretty common key though. Secrets used by other BareMetalHosts in different namespaces are always vulnerable.
It is probably relatively unusual for anyone other than cluster administrators to have RBAC access to create/edit a BareMetalHost. This vulnerability is only meaningful, if the cluster has users other than administrators and users' privileges are limited to their respective namespaces.
Patches
The patch prevents BMO from accepting links to Secrets from other namespaces as BMH input. Any BMH configuration is only read from the same namespace only.
The problem is patched in BMO releases v0.8.0, v0.6.2 and v0.5.2 and users should upgrade to those versions. Prior upgrading and if needed, duplicate the BMC Secrets to the namespace where the corresponding BMH is. After upgrade, remove the old Secrets.
Workarounds
Operator can configure BMO RBAC to be namespace scoped for Secrets, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-43803
- https://github.com/metal3-io/baremetal-operator/pull/1929
- https://github.com/metal3-io/baremetal-operator/pull/1930
- https://github.com/metal3-io/baremetal-operator/pull/1931
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/metal3-io/baremetal-operator"
},
"ranges": [
{
"events": [
{
"introduced": "0.7.0-rc.0"
},
{
"fixed": "0.8.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/metal3-io/baremetal-operator"
},
"ranges": [
{
"events": [
{
"introduced": "0.6.0"
},
{
"fixed": "0.6.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/metal3-io/baremetal-operator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-43803"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-653"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-03T20:13:25Z",
"nvd_published_at": "2024-09-03T19:15:14Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the `Name` and `Namespace` of the Secret, meaning that the baremetal-operator will read a `Secret` from any namespace. A user with access to create or edit a `BareMetalHost` can thus exfiltrate a `Secret` from another namespace by using it as e.g. the `userData` for provisioning some host (note that this need not be a real host, it could be a VM somewhere).\n\n### Limiting factors\nBMO will only read a key with the name `value` (or `userData`, `metaData`, or `networkData`), so that limits the exposure somewhat. `value` is probably a pretty common key though. Secrets used by _other_ `BareMetalHost`s in different namespaces are always vulnerable.\n\nIt is probably relatively unusual for anyone other than cluster administrators to have RBAC access to create/edit a `BareMetalHost`. This vulnerability is only meaningful, if the cluster has users other than administrators and users\u0027 privileges are limited to their respective namespaces.\n\n### Patches\nThe patch prevents BMO from accepting links to Secrets from other namespaces as BMH input. Any BMH configuration is only read from the same namespace only.\n\nThe problem is patched in BMO releases v0.8.0, v0.6.2 and v0.5.2 and users should upgrade to those versions. Prior upgrading and if needed, duplicate the BMC Secrets to the namespace where the corresponding BMH is. After upgrade, remove the old Secrets.\n\n### Workarounds\nOperator can configure BMO RBAC to be namespace scoped for Secrets, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces.\n\n### References\n- https://nvd.nist.gov/vuln/detail/CVE-2024-43803\n- https://github.com/metal3-io/baremetal-operator/pull/1929\n- https://github.com/metal3-io/baremetal-operator/pull/1930\n- https://github.com/metal3-io/baremetal-operator/pull/1931",
"id": "GHSA-pqfh-xh7w-7h3p",
"modified": "2024-09-03T21:45:28Z",
"published": "2024-09-03T20:13:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-pqfh-xh7w-7h3p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43803"
},
{
"type": "WEB",
"url": "https://github.com/metal3-io/baremetal-operator/pull/1929"
},
{
"type": "WEB",
"url": "https://github.com/metal3-io/baremetal-operator/pull/1930"
},
{
"type": "WEB",
"url": "https://github.com/metal3-io/baremetal-operator/pull/1931"
},
{
"type": "WEB",
"url": "https://github.com/metal3-io/baremetal-operator/commit/3af4882e9c5fadc1a7550f53daea21dccd271f74"
},
{
"type": "WEB",
"url": "https://github.com/metal3-io/baremetal-operator/commit/bedae7b997d16f36e772806681569bb8eb4dadbb"
},
{
"type": "WEB",
"url": "https://github.com/metal3-io/baremetal-operator/commit/c2b5a557641bc273367635124047d6c958aa15f7"
},
{
"type": "PACKAGE",
"url": "https://github.com/metal3-io/baremetal-operator"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD"
}
GHSA-Q7X4-X9MC-MW9F
Vulnerability from github – Published: 2025-01-23 03:30 – Updated: 2025-01-23 15:31lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path.
{
"affected": [],
"aliases": [
"CVE-2024-57721"
],
"database_specific": {
"cwe_ids": [
"CWE-653"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-23T01:15:26Z",
"severity": "MODERATE"
},
"details": "lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path.",
"id": "GHSA-q7x4-x9mc-mw9f",
"modified": "2025-01-23T15:31:05Z",
"published": "2025-01-23T03:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57721"
},
{
"type": "WEB",
"url": "https://github.com/sammycage/lunasvg/issues/209"
},
{
"type": "WEB",
"url": "https://github.com/keepinggg/poc/blob/main/poc_of_lunasvg_3.1.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RH6F-6762-MX44
Vulnerability from github – Published: 2024-05-01 03:30 – Updated: 2024-07-03 18:37lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.
{
"affected": [],
"aliases": [
"CVE-2024-33768"
],
"database_specific": {
"cwe_ids": [
"CWE-653"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T03:15:07Z",
"severity": "CRITICAL"
},
"details": "lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.",
"id": "GHSA-rh6f-6762-mx44",
"modified": "2024-07-03T18:37:57Z",
"published": "2024-05-01T03:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33768"
},
{
"type": "WEB",
"url": "https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHC9-477G-9P44
Vulnerability from github – Published: 2025-11-11 21:30 – Updated: 2025-11-19 18:31When using the Grafana Databricks Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in
the wrong user identifier being used, and information for which the viewer is not authorized being returned.
This issue affects Grafana Databricks Datasource Plugin: from 1.12.1 before 1.12.0
{
"affected": [],
"aliases": [
"CVE-2025-41116"
],
"database_specific": {
"cwe_ids": [
"CWE-653"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T21:15:38Z",
"severity": "LOW"
},
"details": "When using the Grafana Databricks Datasource Plugin,\nif Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it\u00a0 could result in\u00a0\n\nthe wrong user identifier being used, and information for which the viewer is not authorized being returned.\u00a0\n\nThis issue affects Grafana Databricks Datasource Plugin: from 1.12.1 before 1.12.0",
"id": "GHSA-rhc9-477g-9p44",
"modified": "2025-11-19T18:31:18Z",
"published": "2025-11-11T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41116"
},
{
"type": "WEB",
"url": "https://grafana.com/security/security-advisories/cve-2025-41116"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RR5W-74H2-XQHC
Vulnerability from github – Published: 2026-05-12 15:31 – Updated: 2026-06-30 03:36Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
{
"affected": [],
"aliases": [
"CVE-2026-8401"
],
"database_specific": {
"cwe_ids": [
"CWE-653",
"CWE-693"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T15:16:20Z",
"severity": "CRITICAL"
},
"details": "Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.",
"id": "GHSA-rr5w-74h2-xqhc",
"modified": "2026-06-30T03:36:39Z",
"published": "2026-05-12T15:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8401"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-47"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-45"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8401.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476492"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038679"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-8401"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27715"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26630"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26629"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26606"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26551"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26539"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26536"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26521"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26492"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26491"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26270"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26269"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26268"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26174"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22643"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22325"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21382"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21381"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21380"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21378"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.
No CAPEC attack patterns related to this CWE.