GHSA-9MJ6-HXHV-W67J vulnerabilities

Vulnerabilities for packages: cluster-api-aws-controller-fips, argo-events, vault, cluster-api-aws-controller, bento, dapr-fips, splunk-otel-collector, grafana-alloy, jitsucom-bulker, sqlexporter, dapr, argo-events-fips, splunk-otel-collector-fips, opentelemetry-collector-contrib, sqlexporter-fip...

CVE-2025-63811 vulnerabilities

Vulnerabilities for packages: cluster-api-aws-controller-fips, argo-events, vault, cluster-api-aws-controller, bento, dapr-fips, splunk-otel-collector, grafana-alloy, jitsucom-bulker, sqlexporter, dapr, argo-events-fips, splunk-otel-collector-fips, opentelemetry-collector-contrib, sqlexporter-fip...

EUVD-2013-5770

Malware in sbrugna...

EUVD-2013-5040

Malware in sbrugna...

EUVD-2024-20948

Malicious code in bioql PyPI...

CVE-2025-47910 vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, kind, kor, grafana-alloy, mattermost, spire-controller-manager, terraform, k8sgateway, rclone, tekton-chains, cloud-sql-proxy, nri-f5, cni-plugins, buildkitd, gatekeeper, cerbos, nri-mysql, prometheus, rancher-security-scan, cluster-api,...

GHSA-8PJC-487G-W6P2 vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, kind, kor, grafana-alloy, mattermost, spire-controller-manager, terraform, k8sgateway, rclone, tekton-chains, cloud-sql-proxy, nri-f5, cni-plugins, buildkitd, gatekeeper, cerbos, nri-mysql, prometheus, rancher-security-scan, cluster-api,...

GHSA-8PJC-487G-W6P2 vulnerabilities

Vulnerabilities for packages: teleport, flux, gendesk, kubeflow-katib, tkn, cert-manager, caddy, kube-bench, trivy, rancher-system-agent, azure-service-operator, rancher, rancher-security-scan, controller-gen, swagger, steampipe, flux-operator, kubernetes-dashboard-auth, apm-server, bom, kor,...

GHSA-GWRF-JF3H-W649 vulnerabilities

Vulnerabilities for packages: terraform-provider-sendgrid-fips, yace-fips, nemo, karpenter, kube-vip-cloud-provider, secrets-store-csi-driver-fips, grafana-operator, kserve-rest-proxy, lvm-driver, custom-pod-autoscaler-operator, configmap-reload-fips, php-fpmexporter, rancher-machine,...

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: spicedb, helm-operator-fips, kube-bench, trivy, gitlab-kas, kepler, rancher-security-scan, containerd-fips, postgres-operator-fips, aws-application-networking-k8s-fips, amazon-ssm-agent-fips, amazon-cloudwatch-agent, kyverno-policy-reporter-fips,...

CVE-2025-26521

When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...

CVE-2013-5936

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about 1 runtime activity, 2 network configuration, 3 user sessions, 4 the memcache interface, and 5 the REST interface via API calls suc...

CVE-2013-5935

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended...

CVE-2013-5200

The 1 REST and 2 memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call...

CVE-2024-5721

Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific...

CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

CVE-2024-23445

CVE-2024-23445 affects Elasticsearch remote-cluster API key security model (GA 8.14.0). The issue: a cross-cluster API key that restricts index search via query or field_security and also grants replication for the same index may not enforce search restrictions during cross-cluster search, potent...

PT-2024-37098 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit...

Akamai Adds Support for Kubernetes Cluster API

...