45 matches found

SUSE CVE
added 2026/03/25 11:52 a.m. · 1 view

SUSE CVE-2026-22728

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...

CVSS 4.9 · AI score 5.9 · EPSS 0.00057
Exploits 0 · References 3

OSV
added 2026/03/10 6:28 p.m. · 2 views

GO-2026-4565 Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations in github.com/bitnami-labs/sealed-secrets

Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations in github.com/bitnami-labs/sealed-secrets...

CVSS 4.9 · AI score 5.8 · EPSS 0.00057
Exploits 0 · References 4

RedhatCVE
added 2026/02/27 4:13 a.m. · 2 views

CVE-2026-22728

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...

CVSS 4.9 · AI score 5.5 · EPSS 0.00057
Exploits 0 · References 1

EUVD
added 2026/02/26 10:49 p.m. · 2 views

EUVD-2026-8795

Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations...

CVSS 4.9 · AI score 5.3 · EPSS 0.00057
Exploits 0 · References 4

NVD
added 2026/02/26 2:16 a.m. · 3 views

CVE-2026-22728

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...

CVSS 4.9 · EPSS 0.00057
Exploits 0 · References 1

CVE
added 2026/02/26 12:50 a.m. · 11 views

CVE-2026-22728

CVE-2026-22728 concerns Bitnami Sealed Secrets during the secret rotation flow (/v1/rotate). The rotation process derives the new sealing scope from input SealedSecret metadata, and untrusted annotations in the template can widen the scope to cluster-wide (sealedsecrets.bitnami.com/cluster-wide=t...

CVSS 4.9 · AI score 5.5 · EPSS 0.00057
Exploits 0 · References 1

ATTACKERKB
added 2026/02/26 12:50 a.m. · 4 views

CVE-2026-22728

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...

CVSS 4.9 · AI score 5.5 · EPSS 0.00057
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2026/02/26 12:0 a.m. · 3 views

PT-2026-22072

Name of the Vulnerable Software and Affected Versions: Bitnami Sealed Secrets, affected versions not specified. Description: Bitnami Sealed Secrets is susceptible to a scope-widening attack during the secret rotation process via the /v1/rotate API endpoint. The rotation handler uses untrusted data fr...

CVSS 9.9 · AI score 6.9 · EPSS 0.07313
Exploits 68 · References 140

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-22486

Malicious code in bioql PyPI...

CVSS 10 · AI score 6.4 · EPSS 0.01323
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2021-9150

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00132
Exploits 1 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-14374

Malicious code in bioql PyPI...

CVSS 9.4 · AI score 6.3 · EPSS 0.00269
Exploits 0 · References 1

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-15763 Malicious code in bitnami-helpers (npm)

The package bitnami-helpers was found to contain malicious code...

AI score 7.2
Exploits 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in bitnami-helpers (npm)

The package bitnami-helpers was found to contain malicious code...

AI score 7
Exploits 0

Positive Technologies
added 2025/07/31 12:0 a.m. · 1 view

PT-2025-31491 · Bitnami · Golang

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

AI score 7.8 · EPSS 0.00022
Exploits 0 · References 6

RedhatCVE
added 2025/07/26 7:26 a.m. · 6 views

CVE-2025-41240

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path /opt/bitnami//secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets ...

CVSS 10 · AI score 7.3 · EPSS 0.01323
Exploits 0 · References 1

OSV
added 2025/07/24 7:15 a.m. · 1 view

CVE-2025-41240

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path /opt/bitnami//secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets ...

CVSS 10 · AI score 5.9
Exploits 0 · References 1

NVD
added 2025/07/24 7:15 a.m. · 2 views

CVE-2025-41240

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path /opt/bitnami//secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets ...

CVSS 10 · EPSS 0.01323
Exploits 0 · References 1

Cvelist
added 2025/07/24 6:42 a.m. · 8 views

CVE-2025-41240 Mounted Kubernetes Secrets under a predictable path located within the web server document root

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path /opt/bitnami//secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets ...

CVSS 10 · EPSS 0.01323
Exploits 0 · References 1

CVE
added 2025/07/24 6:42 a.m. · 24 views

CVE-2025-41240

CVE-2025-41240 involves Bitnami Helm charts mounting Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) inside the web server document root. Affected deployments using the default usePasswordFiles=true may expose secrets via HTTP/S when the application is externally accessible, ...

CVSS 10 · AI score 6.3 · EPSS 0.01323
Exploits 0 · References 1

OSV
added 2025/07/23 2:0 p.m. · 29 views

BIT-WORDPRESS-2025-41240

The Bitnami WordPress Helm chart mounts Kubernetes Secrets under a predictable path /opt/bitnami/wordpress/secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrie...

CVSS 10 · AI score 6.5 · EPSS 0.01323
Exploits 0 · References 1