Common Weakness Enumeration

CWE-653

Allowed

Improper Isolation or Compartmentalization

Abstraction: Class · Status: Draft

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

101 vulnerabilities reference this CWE, most recent first.

GHSA-MGVX-RPFC-9MPV

Vulnerability from github – Published: 2025-03-25 00:30 – Updated: 2026-02-04 21:49
VLAI
Summary
ingress-nginx admission controller RCE escalation
Details

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/ingress-nginx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/ingress-nginx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.12.0-beta.0"
            },
            {
              "fixed": "1.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-1974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-653"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-25T15:10:14Z",
    "nvd_published_at": "2025-03-25T00:15:14Z",
    "severity": "CRITICAL"
  },
  "details": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
  "id": "GHSA-mgvx-rpfc-9mpv",
  "modified": "2026-02-04T21:49:40Z",
  "published": "2025-03-25T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1974"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/131009"
    },
    {
      "type": "WEB",
      "url": "https://github.com/B1ack4sh/Blackash-CVE-2025-1974"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes/ingress-nginx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/2qa9DFtN0cQ"
    },
    {
      "type": "WEB",
      "url": "https://https://github.com/kubernetes/kubernetes/issues/131009"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250328-0008"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/52475"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ingress-nginx admission controller RCE escalation"
}

GHSA-P5GP-JV8C-QR96

Vulnerability from github – Published: 2025-06-23 21:31 – Updated: 2025-06-23 21:31
VLAI
Details

Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-653"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-21T01:15:28Z",
    "severity": "MODERATE"
  },
  "details": "Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.",
  "id": "GHSA-p5gp-jv8c-qr96",
  "modified": "2025-06-23T21:31:46Z",
  "published": "2025-06-23T21:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5476"
    },
    {
      "type": "WEB",
      "url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-357"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PC23-5PPW-9J7M

Vulnerability from github – Published: 2026-06-16 15:33 – Updated: 2026-07-15 12:31
VLAI
Details

Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-653",
      "CWE-693"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-16T13:16:29Z",
    "severity": "CRITICAL"
  },
  "details": "Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.",
  "id": "GHSA-pc23-5ppw-9j7m",
  "modified": "2026-07-15T12:31:49Z",
  "published": "2026-06-16T15:33:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12295"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-61"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-60"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-59"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-58"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-57"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12295.json"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489226"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2040160"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-12295"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:39706"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:39428"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:39142"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:39141"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:39011"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:38753"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:38751"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:38750"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:38506"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37391"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37210"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36103"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36102"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36101"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36100"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:33445"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30846"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:29940"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27734"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27733"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27717"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFV4-WMPH-5GC6

Vulnerability from github – Published: 2026-02-09 09:30 – Updated: 2026-02-12 03:09
VLAI
Summary
MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability
Details

Impact

Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime (Pyodide) and the host JavaScript environment.

The runPython and runPythonAsync functions execute Python code using Pyodide without restricting access to the JavaScript bridge. This allows any executed Python code—whether from a user or an AI model—to access the js module in Pyodide. Through this bridge, the Python code can modify the global JavaScript environment, interact with the Node.js process, and alter the behavior of the MCP server.

Specific Attack Vector: MCP Tool Shadowing Because the Python code can modify the JS runtime, an attacker can dynamically overwrite or "shadow" existing MCP tools registered on the server. For example, an attacker could replace a secure file-reading tool with a malicious version that exfiltrates data to an external server, all while the MCP server appears to be functioning normally.

Patches

No Patch Available: The mcp-run-python project is currently archived and maintainers have indicated it is unlikely to receive a fix.

Recommendation: Users are strongly advised to immediately stop using this package. If functionality is required, users must migrate to a maintained alternative that implements proper sandboxing (e.g., running Python in a Docker container or a restricted WASM environment with the JS bridge disabled).

Workarounds

There are no configuration-based workarounds. Securing the environment requires modifying the source code to disable the Pyodide-to-JS bridge or moving the execution environment to a fully isolated sandbox (e.g., a separate container).

Resources

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mcp-run-python"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.0.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25905"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-653"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-12T03:09:38Z",
    "nvd_published_at": "2026-02-09T09:16:34Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n**Critical Sandbox Escape \u0026 Server Takeover:**\nA critical security vulnerability exists in `mcp-run-python` due to a lack of isolation between the Python runtime (Pyodide) and the host JavaScript environment.\n\nThe `runPython` and `runPythonAsync` functions execute Python code using Pyodide without restricting access to the JavaScript bridge. This allows any executed Python code\u2014whether from a user or an AI model\u2014to access the `js` module in Pyodide. Through this bridge, the Python code can modify the global JavaScript environment, interact with the Node.js process, and alter the behavior of the MCP server.\n\n**Specific Attack Vector: MCP Tool Shadowing**\nBecause the Python code can modify the JS runtime, an attacker can dynamically overwrite or \"shadow\" existing MCP tools registered on the server. For example, an attacker could replace a secure file-reading tool with a malicious version that exfiltrates data to an external server, all while the MCP server appears to be functioning normally.\n\n### Patches\n**No Patch Available:**\nThe `mcp-run-python` project is currently **archived** and maintainers have indicated it is unlikely to receive a fix.\n\n**Recommendation:**\nUsers are strongly advised to **immediately stop using** this package.\nIf functionality is required, users must migrate to a maintained alternative that implements proper sandboxing (e.g., running Python in a Docker container or a restricted WASM environment with the JS bridge disabled).\n\n### Workarounds\nThere are no configuration-based workarounds. Securing the environment requires modifying the source code to disable the Pyodide-to-JS bridge or moving the execution environment to a fully isolated sandbox (e.g., a separate container).\n\n### Resources\n* [CVE-2026-25905](https://nvd.nist.gov/vuln/detail/CVE-2026-25905)\n* [JFrog Security Analysis: MCP Takeover](https://research.jfrog.com/vulnerabilities/mcp-run-python-lack-of-isolation-mcp-takeover-jfsa-2026-001653030)",
  "id": "GHSA-pfv4-wmph-5gc6",
  "modified": "2026-02-12T03:09:38Z",
  "published": "2026-02-09T09:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25905"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pydantic/mcp-run-python"
    },
    {
      "type": "WEB",
      "url": "https://research.jfrog.com/vulnerabilities/mcp-run-python-lack-of-isolation-mcp-takeover-jfsa-2026-001653030"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "MCP Run Python has a Sandbox Escape \u0026 Server Takeover Vulnerability"
}

GHSA-PQ55-R4G8-R76Q

Vulnerability from github – Published: 2024-11-09 00:30 – Updated: 2025-03-24 18:30
VLAI
Details

vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-653",
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-08T22:15:16Z",
    "severity": "MODERATE"
  },
  "details": "vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c.",
  "id": "GHSA-pq55-r4g8-r76q",
  "modified": "2025-03-24T18:30:44Z",
  "published": "2024-11-09T00:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35425"
    },
    {
      "type": "WEB",
      "url": "https://github.com/andoma/vmir/issues/19"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/haruki3hhh/c64ff6431c71be1b08e15d4ff480ce6b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PQFH-XH7W-7H3P

Vulnerability from github – Published: 2024-09-03 20:13 – Updated: 2024-09-03 21:45
VLAI
Summary
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD
Details

Impact

The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost (BMH) CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespace of the Secret, meaning that the baremetal-operator will read a Secret from any namespace. A user with access to create or edit a BareMetalHost can thus exfiltrate a Secret from another namespace by using it as e.g. the userData for provisioning some host (note that this need not be a real host, it could be a VM somewhere).

Limiting factors

BMO will only read a key with the name value (or userData, metaData, or networkData), so that limits the exposure somewhat. value is probably a pretty common key though. Secrets used by other BareMetalHosts in different namespaces are always vulnerable.

It is probably relatively unusual for anyone other than cluster administrators to have RBAC access to create/edit a BareMetalHost. This vulnerability is only meaningful, if the cluster has users other than administrators and users' privileges are limited to their respective namespaces.

Patches

The patch prevents BMO from accepting links to Secrets from other namespaces as BMH input. Any BMH configuration is only read from the same namespace only.

The problem is patched in BMO releases v0.8.0, v0.6.2 and v0.5.2 and users should upgrade to those versions. Prior upgrading and if needed, duplicate the BMC Secrets to the namespace where the corresponding BMH is. After upgrade, remove the old Secrets.

Workarounds

Operator can configure BMO RBAC to be namespace scoped for Secrets, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-43803
  • https://github.com/metal3-io/baremetal-operator/pull/1929
  • https://github.com/metal3-io/baremetal-operator/pull/1930
  • https://github.com/metal3-io/baremetal-operator/pull/1931
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/metal3-io/baremetal-operator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.7.0-rc.0"
            },
            {
              "fixed": "0.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/metal3-io/baremetal-operator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.6.0"
            },
            {
              "fixed": "0.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/metal3-io/baremetal-operator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-43803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-653"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-03T20:13:25Z",
    "nvd_published_at": "2024-09-03T19:15:14Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the `Name` and `Namespace` of the Secret, meaning that the baremetal-operator will read a `Secret` from any namespace. A user with access to create or edit a `BareMetalHost` can thus exfiltrate a `Secret` from another namespace by using it as e.g. the `userData` for provisioning some host (note that this need not be a real host, it could be a VM somewhere).\n\n### Limiting factors\nBMO will only read a key with the name `value` (or `userData`, `metaData`, or `networkData`), so that limits the exposure somewhat. `value` is probably a pretty common key though. Secrets used by _other_ `BareMetalHost`s in different namespaces are always vulnerable.\n\nIt is probably relatively unusual for anyone other than cluster administrators to have RBAC access to create/edit a `BareMetalHost`. This vulnerability is only meaningful, if the cluster has users other than administrators and users\u0027 privileges are limited to their respective namespaces.\n\n### Patches\nThe patch prevents BMO from accepting links to Secrets from other namespaces as BMH input. Any BMH configuration is only read from the same namespace only.\n\nThe problem is patched in BMO releases v0.8.0, v0.6.2 and v0.5.2 and users should upgrade to those versions. Prior upgrading and if needed, duplicate the BMC Secrets to the namespace where the corresponding BMH is. After upgrade, remove the old Secrets.\n\n### Workarounds\nOperator can configure BMO RBAC to be namespace scoped for Secrets, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces.\n\n### References\n- https://nvd.nist.gov/vuln/detail/CVE-2024-43803\n- https://github.com/metal3-io/baremetal-operator/pull/1929\n- https://github.com/metal3-io/baremetal-operator/pull/1930\n- https://github.com/metal3-io/baremetal-operator/pull/1931",
  "id": "GHSA-pqfh-xh7w-7h3p",
  "modified": "2024-09-03T21:45:28Z",
  "published": "2024-09-03T20:13:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-pqfh-xh7w-7h3p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/metal3-io/baremetal-operator/pull/1929"
    },
    {
      "type": "WEB",
      "url": "https://github.com/metal3-io/baremetal-operator/pull/1930"
    },
    {
      "type": "WEB",
      "url": "https://github.com/metal3-io/baremetal-operator/pull/1931"
    },
    {
      "type": "WEB",
      "url": "https://github.com/metal3-io/baremetal-operator/commit/3af4882e9c5fadc1a7550f53daea21dccd271f74"
    },
    {
      "type": "WEB",
      "url": "https://github.com/metal3-io/baremetal-operator/commit/bedae7b997d16f36e772806681569bb8eb4dadbb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/metal3-io/baremetal-operator/commit/c2b5a557641bc273367635124047d6c958aa15f7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/metal3-io/baremetal-operator"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD"
}

GHSA-Q7X4-X9MC-MW9F

Vulnerability from github – Published: 2025-01-23 03:30 – Updated: 2025-01-23 15:31
VLAI
Details

lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-653"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-23T01:15:26Z",
    "severity": "MODERATE"
  },
  "details": "lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path.",
  "id": "GHSA-q7x4-x9mc-mw9f",
  "modified": "2025-01-23T15:31:05Z",
  "published": "2025-01-23T03:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57721"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sammycage/lunasvg/issues/209"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keepinggg/poc/blob/main/poc_of_lunasvg_3.1.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RH6F-6762-MX44

Vulnerability from github – Published: 2024-05-01 03:30 – Updated: 2024-07-03 18:37
VLAI
Details

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33768"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-653"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T03:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.",
  "id": "GHSA-rh6f-6762-mx44",
  "modified": "2024-07-03T18:37:57Z",
  "published": "2024-05-01T03:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33768"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RHC9-477G-9P44

Vulnerability from github – Published: 2025-11-11 21:30 – Updated: 2025-11-19 18:31
VLAI
Details

When using the Grafana Databricks Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it  could result in 

the wrong user identifier being used, and information for which the viewer is not authorized being returned. 

This issue affects Grafana Databricks Datasource Plugin: from 1.12.1 before 1.12.0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-653"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T21:15:38Z",
    "severity": "LOW"
  },
  "details": "When using the Grafana Databricks Datasource Plugin,\nif Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it\u00a0 could result in\u00a0\n\nthe wrong user identifier being used, and information for which the viewer is not authorized being returned.\u00a0\n\nThis issue affects Grafana Databricks Datasource Plugin: from 1.12.1 before 1.12.0",
  "id": "GHSA-rhc9-477g-9p44",
  "modified": "2025-11-19T18:31:18Z",
  "published": "2025-11-11T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41116"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/security/security-advisories/cve-2025-41116"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RR5W-74H2-XQHC

Vulnerability from github – Published: 2026-05-12 15:31 – Updated: 2026-06-30 03:36
VLAI
Details

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-653",
      "CWE-693"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T15:16:20Z",
    "severity": "CRITICAL"
  },
  "details": "Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.",
  "id": "GHSA-rr5w-74h2-xqhc",
  "modified": "2026-06-30T03:36:39Z",
  "published": "2026-05-12T15:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8401"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-51"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-48"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-47"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-45"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8401.json"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476492"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038679"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8401"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27715"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26630"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26629"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26606"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26551"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26539"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26536"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26521"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26493"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26492"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26491"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26270"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26269"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26268"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26174"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:22643"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:22325"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21382"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21381"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21380"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21378"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.

No CAPEC attack patterns related to this CWE.