CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

SUSE CVE•added 2026/02/07 12:23 a.m.•3 views

SUSE CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.8CVSS5.5AI score0.00022EPSS

Exploits1References3

RedhatCVE•added 2026/02/06 1:25 a.m.•2 views

CVE-2026-25538

8.8CVSS5.4AI score0.00022EPSS

Exploits1References1

OSV•added 2026/02/05 3:20 a.m.•1 views

GO-2026-4416 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage in github.com/devtron-labs/devtron

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage in github.com/devtron-labs/devtron...

8.8CVSS5.4AI score0.00022EPSS

Exploits1References2

NVD•added 2026/02/04 10:15 p.m.•2 views

CVE-2026-25538

8.8CVSS0.00022EPSS

Exploits1References2

ATTACKERKB•added 2026/02/04 9:37 p.m.•2 views

CVE-2026-25538

8.7CVSS5.5AI score0.00022EPSS

Exploits1References3Affected Software1

EUVD•added 2026/02/04 9:37 p.m.•2 views

EUVD-2026-5332

8.7CVSS5.5AI score0.00022EPSS

Exploits1References2

Cvelist•added 2026/02/04 9:37 p.m.•24 views

CVE-2026-25538 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

8.7CVSS0.00022EPSS

Exploits1References2

CVE•added 2026/02/04 9:37 p.m.•7 views

CVE-2026-25538

Devtron CVE-2026-25538 affects the open-source Devtron Kubernetes integration platform (versions up to 2.0.0). A vulnerability in the Attributes API interface allows any authenticated user to access /orchestrator/attributes?key=apiTokenSecret, exposing the global API Token signing key. With the k...

8.8CVSS5.5AI score0.00022EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/02/04 9:37 p.m.•1 views

CVE-2026-25538 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

8.7CVSS5.5AI score0.00022EPSS

Exploits1References2

OSV•added 2026/02/04 9:37 p.m.•1 views

CVE-2026-25538 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

8.7CVSS5.5AI score0.00022EPSS

Exploits1References4

OSV•added 2026/02/04 7:46 p.m.•2 views

GHSA-8WPC-J9Q9-J5M2 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage Summary This vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.7CVSS5.9AI score0.00022EPSS

Exploits1References4

Github Security Blog•added 2026/02/04 7:46 p.m.•4 views

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

8.8CVSS5.9AI score0.00022EPSS

Exploits1References4Affected Software1

CNNVD•added 2026/02/04 12:0 a.m.•3 views

Devtron 安全漏洞

Devtron is an open-source Kubernetes cloud-native tool integration platform developed by Devtron. Versions of Devtron 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper access control in the Attributes API interface, which could lead to the...

8.8CVSS6.6AI score0.00022EPSS

Exploits1References2

Positive Technologies•added 2026/02/04 12:0 a.m.•2 views

PT-2026-6317

Name of the Vulnerable Software and Affected Versions Devtron versions prior to 2.0.0 Description Devtron is a tool integration platform for Kubernetes. A flaw exists in the Attributes API interface that allows authenticated users to obtain the global API Token signing key by accessing the...

8.7CVSS5.6AI score0.00022EPSS

Exploits1References9

RedhatCVE•added 2025/02/05 3:38 a.m.•2 views

CVE-2024-45794

devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...

8.8CVSS9AI score0.00417EPSS

Exploits1References1

SUSE CVE•added 2024/11/10 3:53 a.m.•3 views

SUSE CVE-2024-45794

8.8CVSS7.8AI score0.00417EPSS

Exploits1References4

OSV•added 2024/11/08 5:25 p.m.•11 views

GO-2024-3260 Devtron has SQL Injection in CreateUser API in github.com/devtron-labs/devtron

Devtron has SQL Injection in CreateUser API in github.com/devtron-labs/devtron...

8.8CVSS8.6AI score0.00417EPSS

Exploits1References3

NVD•added 2024/11/07 6:15 p.m.•15 views

CVE-2024-45794

8.8CVSS0.00417EPSS

Exploits1References1

OSV•added 2024/11/07 5:42 p.m.•3 views

CVE-2024-45794 SQL Injection in CreateUser API in devtron

8.3CVSS7.8AI score0.00417EPSS

Exploits1References3

CVE•added 2024/11/07 5:42 p.m.•86 views

CVE-2024-45794

Devtron (open source tool integration platform for Kubernetes) has a SQL Injection vulnerability in the CreateUser API (/orchestrator/user). An authenticated user with minimum permissions could exploit this to execute malicious SQL queries. The issue is addressed in version 0.7.2; upgrading is ad...

8.8CVSS8.6AI score0.00417EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by