Lucene search
K

87 matches found

SUSE CVE
SUSE CVE
added 2026/06/27 1:52 a.m.7 views

SUSE CVE-2026-54448

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.5CVSS5.8AI score0.0025EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 4:27 p.m.18 views

CVE-2026-54448 Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.9CVSS0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52498

Name of the Vulnerable Software and Affected Versions Trivy versions prior to 0.71.0 Description A security scanner issue occurs when processing Helm chart archives .tgz. The custom tar unpacker uses the io.ReadAlltr function without a size limit. An attacker can provide a specially crafted...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.14 views

CVE-2026-45131

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

10CVSS5.4AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 5:17 p.m.16 views

CVE-2026-45132

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

10CVSS0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 4:13 p.m.30 views

CVE-2026-45131 CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

10CVSS0.00275EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 4:13 p.m.12 views

EUVD-2026-33666

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

10CVSS5.8AI score0.00275EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 4:13 p.m.23 views

CVE-2026-45132

CVE-2026-45132 concerns CloudPirates Open Source Helm Charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposed sensitive credentials—Personal Access Token and an SSH signing key —to fork-controlled code due to unsafe checkout and credential handling practices. The...

10CVSS5.8AI score0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 4:13 p.m.11 views

CVE-2026-45132 CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

10CVSS5.8AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 4:13 p.m.12 views

EUVD-2026-33665

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

10CVSS5.8AI score0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 4:13 p.m.32 views

CVE-2026-45132 CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

10CVSS0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45468

Name of the Vulnerable Software and Affected Versions CloudPirates Open Source Helm Charts versions prior to commit fcf9302 Description A GitHub Actions workflow named 'generate-schema.yaml' exposes sensitive credentials, specifically a Personal Access Token and an SSH signing key, to code...

10CVSS5.3AI score0.0026EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

CloudPirates Open Source Helm Charts 代码注入漏洞

CloudPirates Open Source Helm Charts is a collection of Helm Charts for cloud-native applications, developed by CloudPirates.io. Previous versions of CloudPirates Open Source Helm Charts had a code injection vulnerability. This vulnerability stems from executing code controlled by the attacker in...

10CVSS5.4AI score0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

CloudPirates Open Source Helm Charts 代码注入漏洞

CloudPirates Open Source Helm Charts is a collection of Helm Charts for cloud-native applications, developed by CloudPirates.io. Previous versions of CloudPirates Open Source Helm Charts had a code injection vulnerability. This vulnerability stemmed from GitHub Actions workflows exposing sensitiv...

10CVSS5.4AI score0.0026EPSS
Exploits0References2
NVD
NVD
added 2026/03/04 10:16 p.m.7 views

CVE-2026-25750

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 9:58 p.m.3 views

CVE-2026-25750 LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS6AI score0.00292EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.5 views

PT-2026-23069

Name of the Vulnerable Software and Affected Versions Langchain Helm Charts versions prior to 0.12.71 Description Langchain Helm Charts, used for deploying Langchain applications on Kubernetes, had a flaw where a specially crafted link could lead to the theft of authentication tokens. This allowe...

8.5CVSS5.7AI score0.00292EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.9 views

Langchain Helm Charts 注入漏洞

Langchain Helm Charts is a Kubernetes Helm chart library developed by LangChain for deploying Langchain applications. Versions of Langchain Helm Charts prior to 0.12.71 contained a injection vulnerability. This vulnerability stemmed from URL parameter injections in LangSmith Studio, which could...

8.5CVSS6AI score0.00292EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/28 12:0 a.m.7 views

openSUSE 16 Security Update : openQA, os-autoinst, openQA-devel-container (openSUSE-SU-2026:20261-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20261-1 advisory. Changes in openQA: - Update to version 5.1771422749.560a3b26: fixmcp: set navbar check expression to read-only feat: support inverted result filters in...

9.2CVSS6.1AI score0.00481EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/29 1:39 a.m.4 views

Malicious Package

Overview helm-charts-monorepo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder