Lucene search
K

1229 matches found

Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.13 views

PT-2026-34844

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

AnythingLLM 跨站脚本漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.12.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the markdown renderer in the chart component not encoding the alt text as HTML, which could lead to storage-ty...

5.4CVSS5.6AI score0.00195EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

SUSE SLES15 Security Update : helm (SUSE-SU-2026:1483-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1483-1 advisory. - CVE-2025-55199: crafted JSON Schema can lead to out of memory OOM termination bsc1248093. - CVE-2026-35206: files written to...

6.5CVSS7.2AI score0.00311EPSS
Exploits0References7
NVD
NVD
added 2026/04/13 7:16 p.m.5 views

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

8.8CVSS0.02183EPSS
Exploits1References2
OSV
OSV
added 2026/04/13 5:40 a.m.2 views

BIT-HELM-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...

4.8CVSS5.8AI score0.00199EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.18 views

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

0.02183EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.5 views

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

6.1AI score0.02183EPSS
Exploits1References2
CVE
CVE
added 2026/04/13 12:0 a.m.13 views

CVE-2026-29955

CVE-2026-29955 affects KubePlus 4.14 (kubeconfiggenerator) /registercrd. The root cause is command injection via an unsanitized chartName that is directly concatenated into a shell command executed with subprocess.Popen(shell=True). This can allow arbitrary shell commands to be executed if a mali...

8.8CVSS6.1AI score0.02183EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/13 12:0 a.m.3 views

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

6.1AI score0.02183EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

KubePlus 安全漏洞

KubePlus is an open-source Kubernetes multi-tenant application management platform developed by cloud-ark. Version 4.14 of KubePlus contains a security vulnerability. This vulnerability stems from the /registercrd endpoint in the kubeconfiggenerator component, which fails to clean up or validate...

8.8CVSS5.8AI score0.02183EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32490

Name of the Vulnerable Software and Affected Versions KubePlus version 4.14 Description The '/registercrd' endpoint in the kubeconfiggenerator component is susceptible to command injection. The issue occurs because the component utilizes the subprocess.Popen function with the shell=True parameter...

8.8CVSS6AI score0.02183EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/04/12 11:24 p.m.4 views

SUSE CVE-2026-35206

Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...

4.4CVSS5.8AI score0.00199EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2026/04/12 8:1 a.m.9 views

Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

...

4.8CVSS5.2AI score0.00199EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:41 p.m.7 views

GHSA-HR2V-4R36-88HR vulnerabilities

Vulnerabilities for packages: chart-testing, kube-arangodb, helm-set-status, k8ssandra-client, helm-operator, kuma, rancher-fleet, consul-k8s, flux, headlamp, tigera-operator, istio, cilium-cli, flux-source-controller, k9s, kubescape, linkerd2, envoy-gateway, eksctl, zarf, tw, cerbos, kots, harbo...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:41 p.m.7 views

CVE-2026-35206 vulnerabilities

Vulnerabilities for packages: chart-testing, kube-arangodb, helm-set-status, k8ssandra-client, helm-operator, kuma, rancher-fleet, consul-k8s, flux, headlamp, tigera-operator, istio, cilium-cli, flux-source-controller, k9s, kubescape, linkerd2, envoy-gateway, eksctl, zarf, tw, cerbos, kots, harbo...

4.8CVSS6.1AI score0.00199EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:17 p.m.5 views

GHSA-HR2V-4R36-88HR vulnerabilities

Vulnerabilities for packages: kubescape-server, helm-operator-fips, nova, trivy-operator, gitlab-operator-fips, harbor, trivy-operator-fips, cloudbeat-fips, envoy-gateway-fips, kubescape, harbor-fips, helm-exporter-fips, helm-operator, pluto-fips, flux-source-controller, gitlab-operator,...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/04/10 7:17 p.m.4 views

EUVD-2026-21553

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References2
OSV
OSV
added 2026/04/10 3:33 p.m.3 views

GHSA-HR2V-4R36-88HR Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Helm is a package manager for Charts for Kubernetes. In Helm versions /, instead of the expected //, potentially overwriting the contents of the targeted directory. Note: a chart name containing POSIX dot-dot, or dot-dot and slashes as if to refer to parent directories do not resolve beyond the...

4.8CVSS5.7AI score0.00199EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/10 3:33 p.m.11 views

Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Helm is a package manager for Charts for Kubernetes. In Helm versions /, instead of the expected //, potentially overwriting the contents of the targeted directory. Note: a chart name containing POSIX dot-dot, or dot-dot and slashes as if to refer to parent directories do not resolve beyond the...

4.8CVSS5.7AI score0.00199EPSS
Exploits0References5Affected Software2
RedhatCVE
RedhatCVE
added 2026/04/10 9:52 a.m.4 views

CVE-2026-35206

A flaw was found in Helm, a package manager for Kubernetes. A remote attacker could exploit this vulnerability by providing a specially crafted Chart to the helm pull --untar command. This would cause the Chart's contents to be written to an unintended directory, potentially overwriting existing...

4.8CVSS5.8AI score0.00199EPSS
Exploits0References6
Rows per page
Query Builder