163 matches found
CVE-2026-22822 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-77V3-R3JW-J2V2 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-77V3-R3JW-J2V2 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CVE-2026-22822 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CLEANSTART-2026-PP64690 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-1229, CVE-2026-25934, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-q9hv-hpm4-hj6x applied in versions: 0.20.4-r1, 0.20.4-r2, 0.20.4-r3
Multiple security vulnerabilities affect the external-secrets-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-SW07802 Security fixes for CVE-2025-61729 applied in versions: 1.1.0-r0
Security vulnerability affects the external-secrets package. This issue is resolved in later releases. See references for vulnerability details...
CLEANSTART-2026-MX45462 Security fixes for CVE-2025-61729 applied in versions: 1.1.0-r0
Security vulnerability affects the external-secrets package. This issue is resolved in later releases. See references for vulnerability details...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, cloudbeat, trivy-operator-fips, nemo, kyverno-fips, rancher-fleet, argo-cd-fips, gitaly-fips, guac, gitea-fips, chainctl-fips, scorecard, nuclei, k9s, grype-db, pulumi-language-yaml, kubescape-server-fips, wolfictl, cg, grype, src-fingerprint-fips,...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: kubevela, skaffold, dagger, pulumi-language-dotnet, kaniko, snyk-cli, kargo, pulumi-language-yaml, argo-cd, scorecard, zot, trufflehog, grype, osv-scanner, bom, argocd-image-updater, pulumi, kyverno, nuclei, chezmoi, apko, gitaly, kubescape, nfpm, wolfictl,...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: kubevela, skaffold, dagger, pulumi-language-dotnet, kaniko, snyk-cli, kargo, pulumi-language-yaml, argo-cd, scorecard, zot, trufflehog, grype, osv-scanner, bom, argocd-image-updater, pulumi, kyverno, nuclei, chezmoi, apko, gitaly, kubescape, nfpm, wolfictl,...
GHSA-JHF3-XXHW-2WPP vulnerabilities
Vulnerabilities for packages: kubevela, skaffold, dagger, pulumi-language-dotnet, kaniko, snyk-cli, kargo, pulumi-language-yaml, argo-cd, scorecard, zot, trufflehog, grype, osv-scanner, bom, argocd-image-updater, pulumi, kyverno, nuclei, chezmoi, apko, gitaly, kubescape, nfpm, wolfictl,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: kubevela, skaffold, dagger, pulumi-language-dotnet, kaniko, snyk-cli, kargo, pulumi-language-yaml, argo-cd, scorecard, zot, trufflehog, grype, osv-scanner, bom, argocd-image-updater, pulumi, kyverno, nuclei, chezmoi, apko, gitaly, kubescape, nfpm, wolfictl,...
EUVD-2026-15953
n8n Has External Secrets Authorization Bypass in Credential Saving...
n8n Has External Secrets Authorization Bypass in Credential Saving
Impact An authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the externalSecret:list permission check and allowed access to secrets stored in...
GHSA-FXCW-H3QJ-8M8P n8n Has External Secrets Authorization Bypass in Credential Saving
Impact An authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the externalSecret:list permission check and allowed access to secrets stored in...
CVE-2026-33722
n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the...
CVE-2026-33722 n8n Has External Secrets Authorization Bypass in Credential Saving
n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the...
CVE-2026-33722
CVE-2026-33722 (n8n) : An authenticated-but-low-privilege user could bypass the external secret list permission by referencing a secret by its external name in a credential, gaining plaintext access to secrets in connected vaults. The issue requires an instance with an external secrets vault conf...