Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade github.com/fleetdm/fleet/server/service to...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade github.com/fleetdm/fleet/server/mock to...
CVE-2026-26062
CVE-2026-26062 affects Fleet before version 4.81.0, where the gRPC Launcher PublishLogs endpoint could terminate the Fleet server when handling certain inputs. An authenticated attacker with access to an enrolled Launcher node key could trigger an immediate DoS by sending a single gRPC request, i...
EUVD-2026-30375
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to...
GHSA-X67P-9M2R-FXQV Fleet server may terminate unexpectedly when handling certain gRPC requests
Summary Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...
PT-2026-40970
Summary Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, crossplane-provider-azure-signalrservice, cluster-api-provider-vsphere, yunikorn-k8shim, crossplane-provider-aws-athena-fips,...
CVE-2026-29181 vulnerabilities
Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, crossplane-provider-azure-signalrservice, cluster-api-provider-vsphere, yunikorn-k8shim, crossplane-provider-aws-athena-fips,...
PT-2026-32407
Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, minc-fips, pgwatch, jobset-fips, kubernetes-ingress-defaultbackend-fips, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, apache-exporter, nri-mongodb, cluster-api-provider-vsphere, yunikorn-k8shim,...
Incorrect Authorization
Overview kibana is an open source, Apache-licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization via the enrollment endpoint. An attacker can access Fleet Server policy details from unauthorized spaces b...
EUVD-2026-20523
Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...
CVE-2026-33460
Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...
CVE-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...
GHSA-W254-4HP5-7CVV Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint
Summary A Denial of Service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers. Impact ...
CVE-2026-34388
Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...
Fleet's unbounded request body read allows remote Denial of Service
Summary Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service (DoS)...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: tempo-fips, emissary, grafana-alloy, tigera-operator-fips, pluto-fips, apm-server, crossplane-provider-aws-servicediscovery-fips, zarf, kube-logging-operator, linkerd2, amazon-ssm-agent, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: tempo-fips, emissary, grafana-alloy, tigera-operator-fips, pluto-fips, apm-server, crossplane-provider-aws-servicediscovery-fips, zarf, kube-logging-operator, linkerd2, amazon-ssm-agent, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm,...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JWT verification process. An attacker can gain unauthorized enrollment of rogue devices by submitting a forged JWT with arbitrary identity claims, as the system fails to verify th...