139 matches found

Cvelist
added 2025/12/14 9:27 p.m. | 19 views

CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8 | EPSS 0.00355
Exploits: 0 | References: 2

Debian CVE
added 2025/12/14 9:27 p.m. | 5 views

CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8 | AI score 7.8 | EPSS 0.00355
Exploits: 0

AlpineLinux
added 2025/12/14 9:27 p.m. | 4 views

CVE-2025-13281

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

CVSS 5.8 | AI score 6.5 | EPSS 0.00355
Exploits: 0 | References: 3

OSV
added 2025/12/12 12:20 p.m. | 3 views

OESA-2025-2819 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

CVSS 5.8 | AI score 6.7 | EPSS 0.00355
Exploits: 0 | References: 2

OSV
added 2025/12/12 12:20 p.m. | 4 views

OESA-2025-2818 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

CVSS 5.8 | AI score 6.7 | EPSS 0.00355
Exploits: 0 | References: 2

OSV
added 2025/12/12 12:20 p.m. | 4 views

OESA-2025-2817 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

CVSS 5.8 | AI score 6.7 | EPSS 0.00355
Exploits: 0 | References: 2

OSV
added 2025/12/12 12:20 p.m. | 7 views

OESA-2025-2816 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

CVSS 5.8 | AI score 6.7 | EPSS 0.00355
Exploits: 0 | References: 2

OSV
added 2025/12/12 12:20 p.m. | 7 views

OESA-2025-2815 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

CVSS 5.8 | AI score 6.7 | EPSS 0.00355
Exploits: 0 | References: 2

Wolfi
added 2025/12/07 7:47 p.m. | 8 views

CVE-2025-61727 vulnerabilities

Vulnerabilities for packages: nri-apache, mkcert, rancher, opensearch-k8s-operator, k8s-device-plugin, s5cmd, pulumi-kubernetes-operator, terraform-mcp-server, mesosphere-vsphere-csi, postgres-operator, src, cert-manager-webhook-pdns, pgtimetable, rabbitmq-messaging-topology-operator, kiali,...

CVSS 6.5 | AI score 6.8 | EPSS 0.00274
Exploits: 0

Wolfi
added 2025/12/07 7:47 p.m. | 7 views

GHSA-5MH9-3JWC-RP59 vulnerabilities

Vulnerabilities for packages: nri-apache, mkcert, rancher, opensearch-k8s-operator, k8s-device-plugin, s5cmd, pulumi-kubernetes-operator, terraform-mcp-server, mesosphere-vsphere-csi, postgres-operator, src, cert-manager-webhook-pdns, pgtimetable, rabbitmq-messaging-topology-operator, kiali,...

AI score 5.8
Exploits: 0

Kubernetes Security Advisories
added 2025/11/30 11:8 p.m. | 4 views

Portworx Half-Blind SSRF in kube-controller-manager

CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N - Medium (5.8). A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This was patched for other in-tree StorageClasses GlusterFS, Quobyte, StorageOS, and...

CVSS 5.8 | AI score 7.2 | EPSS 0.00355
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-29176

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.02926
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-29177

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.03269
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-3260

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 7.8 | EPSS 0.00598
Exploits: 0 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-29178

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.02814
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-1110

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.8 | EPSS 0.00505
Exploits: 0 | References: 13

SUSE CVE
added 2025/09/19 11:22 p.m. | 3 views

SUSE CVE-2025-59358

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

CVSS 7.5 | AI score 7.2 | EPSS 0.00987
Exploits: 1 | References: 2

SUSE CVE
added 2025/09/19 11:22 p.m. | 2 views

SUSE CVE-2025-59359

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

CVSS 9.8 | AI score 8.5 | EPSS 0.02926
Exploits: 1 | References: 2

SUSE CVE
added 2025/09/19 11:22 p.m. | 3 views

SUSE CVE-2025-59360

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

CVSS 9.8 | AI score 8.5 | EPSS 0.02814
Exploits: 1 | References: 2

SUSE CVE
added 2025/09/19 11:22 p.m. | 3 views

SUSE CVE-2025-59361

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

CVSS 9.8 | AI score 8.5 | EPSS 0.03269
Exploits: 1 | References: 2