140 matches found

OSV
added 2026/05/18 1:47 p.m., 4 views

CLEANSTART-2026-OH47925 Security fixes for CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810 applied in versions: 4.13.0-r0, 4.13.0-r1, 4.13.0-r2

Multiple security vulnerabilities affect the kubernetes-csi-driver-nfs-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 10, AI score 6.9, EPSS 0.00044
Exploits 2, References 27

OSV
added 2026/05/18 1:32 p.m., 4 views

CLEANSTART-2026-LA07853 Security fixes for CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-29181, CVE-2026-33186, ghsa-mh2q-q3fh-2475 applied in versions: 4.13.0-r0, 4.13.0-r1, 4.13.2-r0

Multiple security vulnerabilities affect the kubernetes-csi-driver-nfs-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 10, AI score 6.8, EPSS 0.00077
Exploits 3, References 14

Wolfi
added 2026/05/09 2:21 a.m., 12 views

CVE-2026-33814 vulnerabilities

Vulnerabilities for packages: k8sgpt-operator, external-secrets-operator, step-issuer, sops, tfsec, volume-modifier-for-k8s, mongo-tools, kubelet-csr-approver, mountpoint-s3-csi-driver, step-ca, tkn, knative-operator, wal-g, fulcio, grafana-pyroscope, rabbitmq-cluster-operator, kapp-controller,...

CVSS 7.5, AI score 5.4, EPSS 0.00018
Exploits 0

EUVD
added 2026/04/18 1:7 a.m., 3 views

EUVD-2026-23500

Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields...

CVSS 6.9, AI score 5.7, EPSS 0.00018
Exploits 0, References 5

CVE
added 2026/04/17 6:41 p.m., 4 views

CVE-2026-6437

CVE-2026-6437 concerns the AWS EFS CSI Driver (aws-efs-csi-driver) prior to v3.0.1. The flaw is improper neutralization of argument delimiters in the volume handling component, which allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via...

CVSS 6.9, AI score 5.9, EPSS 0.00018
Exploits 0, References 3, Affected Software 1

CNNVD
added 2026/04/17 12:0 a.m., 5 views

Amazon EFS CSI Driver security vulnerability

The Amazon EFS CSI Driver is an open-source component developed by the Kubernetes SIGs, used for mounting AWS File Storage in Kubernetes clusters. Previous versions of the Amazon EFS CSI Driver, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from improper paramet...

CVSS 6.9, AI score 5.9, EPSS 0.00018
Exploits 0, References 1

Wolfi
added 2026/04/11 2:51 a.m., 6 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: polaris, karpenter, clickhouse-operator, stakater-reloader, gh, flux-helm-controller, flux-image-automation-controller, external-secrets-operator, dbmate, omnibump, actions-runner-controller, rabbitmq-messaging-topology-operator, spire-server, supercronic,...

AI score 5.4
Exploits 0

Wolfi
added 2026/04/11 2:51 a.m., 6 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: k8sgpt-operator, pulumi, trivy-operator, external-secrets-operator, step-issuer, kube-logging-operator-custom-runner, nsc, kubescape-operator, volume-modifier-for-k8s, mailpit, mongo-tools, mountpoint-s3-csi-driver, step-ca, tkn, knative-operator, wal-g,...

CVSS 7.5, AI score 7.1, EPSS 0.00022
Exploits 0

Wolfi
added 2026/04/11 2:51 a.m., 5 views

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: karpenter, k8sgpt-operator, witness, xeol, trivy-operator, step, prometheus-operator, external-secrets-operator, snyk-cli, dbmate, step-issuer, juicefs-csi-driver, kubescape-operator, oauth2-proxy, certificate-transparency, docker-cli, volume-modifier-for-k8s, grafan...

AI score 5.4
Exploits 0

Chainguard
added 2026/04/11 2:18 a.m., 5 views

CVE-2026-32289 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-cognitoidentity, apache-beam-python-3.12-sdk, knative-net-istio-fips, apache-exporter, tetragon-fips, prometheus-postgres-exporter, secrets-store-csi-driver, vexctl, bank-vaults-fips, request-1279-14, neuvector-scanner, crossplane-fips,...

CVSS 6.1, AI score 7.1, EPSS 0.00011
Exploits 0

Chainguard
added 2026/04/11 2:18 a.m., 7 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-cognitoidentity, knative-net-istio-fips, apache-exporter, flux-source-watcher-fips, tetragon-fips, prometheus-postgres-exporter, gpu-operator, secrets-store-csi-driver, esbuild-fips, malcontent, thanos-operator-fips, vexctl, bank-vaults-fips,...

CVSS 7.5, AI score 7.1, EPSS 0.00019
Exploits 0

OSV
added 2026/04/01 9:45 a.m., 0 views

CLEANSTART-2026-PK48502 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-68121 applied in versions: 2.3.0-r0

Multiple security vulnerabilities affect the mountpoint-s3-csi-driver package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 10, AI score 6.8, EPSS 0.00018
Exploits 2, References 7

Vulnrichment
added 2026/03/20 10:21 p.m., 2 views

CVE-2026-3864 CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

CVSS 6.5, AI score 5.8, EPSS 0.00113
Exploits 0, References 2

Positive Technologies
added 2026/03/17 12:0 a.m., 2 views

PT-2026-25942

Name of the Vulnerable Software and Affected Versions: Kubernetes CSI Driver for NFS (affected versions not specified). Description: A flaw exists in the Kubernetes CSI Driver for NFS related to insufficient validation of the subDir parameter within volume identifiers. An attacker capable of creating...

CVSS 6.5, AI score 6, EPSS 0.00113
Exploits 0, References 13

Wolfi
added 2026/03/10 1:48 p.m., 4 views

CVE-2026-27142 vulnerabilities

Vulnerabilities for packages: tempo, thanos, crossplane-provider-aws-ec2, kubernetes-csi-external-provisioner, pulumi, step, prometheus-operator, external-secrets-operator, snyk-cli, step-issuer, sops, crossplane-provider-aws-firehose, kubo, rook, tfsec, oauth2-proxy, aws-load-balancer-controller...

CVSS 6.1, AI score 7.5, EPSS 0.00013
Exploits 0

Wolfi
added 2026/03/10 1:48 p.m., 4 views

GHSA-RV83-G57W-FR8J vulnerabilities

Vulnerabilities for packages: pulumi, external-secrets-operator, step-issuer, sops, kube-logging-operator-custom-runner, nsc, tfsec, volume-modifier-for-k8s, mongo-tools, rootlesskit, kubelet-csr-approver, mountpoint-s3-csi-driver, step-ca, tkn, knative-operator, wal-g, wazero, grafana-pyroscope,...

AI score 5.4
Exploits 0

Chainguard
added 2026/03/10 1:17 p.m., 4 views

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: metallb-fips, thanos, crossplane-provider-aws-cognitoidentity, knative-net-istio-fips, apache-exporter, terraform-provider-grafana-fips, tetragon-fips, prometheus-postgres-exporter, amazon-k8s-cni, secrets-store-csi-driver, esbuild-fips, thanos-operator-fips,...

CVSS 7.5, AI score 7.6, EPSS 0.00044
Exploits 0

Chainguard
added 2026/03/10 1:17 p.m., 3 views

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: thanos, crossplane-provider-aws-cognitoidentity, knative-net-istio-fips, apache-exporter, terraform-provider-grafana-fips, tetragon-fips, prometheus-postgres-exporter, secrets-store-csi-driver, bank-vaults-fips, request-1279-14, crossplane-fips, opentofu,...

AI score 5.4
Exploits 0

Chainguard
added 2026/03/10 1:17 p.m., 3 views

GHSA-J3GX-2473-5FP8 vulnerabilities

Vulnerabilities for packages: metallb-fips, thanos, crossplane-provider-aws-cognitoidentity, knative-net-istio-fips, apache-exporter, terraform-provider-grafana-fips, tetragon-fips, prometheus-postgres-exporter, amazon-k8s-cni, secrets-store-csi-driver, esbuild-fips, thanos-operator-fips,...

AI score 5.4
Exploits 0

Wolfi
added 2026/02/10 1:48 p.m., 20 views

CVE-2025-68121 vulnerabilities

Vulnerabilities for packages: gitlab-kas, mailpit, ctop, nats-top, hydra, kubernetes-dashboard-metrics-scraper, cert-exporter, mods, db-operator, promxy, nri-mysql, openbao, spark-operator, custom-pod-autoscaler-operator, x509-certificate-exporter, docker-machine-driver-harvester,...

CVSS 10, AI score 6.8, EPSS 0.00018
Exploits 1