30 matches found
Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.10.3
Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.10.3 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.10.3 release that simplify the process of...
EUVD-2026-30331
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...
GHSA-V8J7-HP7C-738F Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users
Summary: Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the user's dashboard and read their Kubernetes logs in real time. Thi...
CVE-2023-28432
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. All users of...
Improper Check for Unusual or Exceptional Conditions
Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to the interaction between unexpected parameter values set for ClusterDeployment.hive.openshift.io/v1 and ClusterSync.hiveinternal.openshift.io/v1alpha1 objects in the Reconcile method i...
CVE-2022-45157
A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...
OpenDaylight Security Vulnerability
OpenDaylight (ODL) is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) version 13.0.1 and earlier, which stems from the fact that controllers with the follower role can configure flow entries i...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.1 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
CVE-2024-20283
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries t...
CVE-2024-20283
Cisco Nexus Dashboard contains an information-disclosure vulnerability (CVE-2024-20283) due to improper access controls on a specific API endpoint. An authenticated remote attacker could query the API to access metrics and deployment information for devices within the Nexus Dashboard cluster. The...
Metasploit Wrap-Up 03/15/2024
New module content 3 GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: 18716 contributed by h00die Path: admin/http/gitlab_password_reset_account_takeover AttackerKB reference: CVE-2023-7028 Description: This adds an exploit module that leverages an...
BIT-MINIO-2023-28432 Minio Information Disclosure in Cluster Deployment
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. All users of...
MinIO Information Disclosure Vulnerability
MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure...
Information Exposure
github.com/minio/minio-go is vulnerable to Sensitive Information Exposure. The vulnerability exists during cluster deployment due to a lack of sensitive environment variable masking in the MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, allowing an attacker to exfiltrate sensitive tokens from the system...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
CVE-2023-28432 CVE-2023-28432 POC Minio is a Multi-Cloud Obj...
VulnCheck KEV: CVE-2023-28432
MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure...
CVE-2023-28432 Minio Information Disclosure in Cluster Deployment
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. All users of...