Lucene search
K

9 matches found

Chainguard
Chainguard
added 3 days ago5 views

GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities

Vulnerabilities for packages: zarf, kubescape-server-fips, kyverno-notation-aws, kubescape-server, tekton-chains, kubescape, teleport-operator-fips, cloudbeat, docker-fips, tkn, tekton-chains-fips, trivy-operator-fips, image-factory-fips, trivy, aactl, gitsign, spire-server-fips, trivy-operator,...

6.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/05 3:25 p.m.15 views

Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic

Summary managementServer.CreateSchematic internal/backend/grpc/schematics.go passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf"/version/%s/overlays/official", talosVersion path template. url.URL.JoinPath...

5.7AI score0.00043EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/05 3:25 p.m.8 views

GHSA-C66C-VQ6W-FVH5 Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic

Summary managementServer.CreateSchematic internal/backend/grpc/schematics.go passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf"/version/%s/overlays/official", talosVersion path template. url.URL.JoinPath...

2.7CVSS5.7AI score0.00043EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.14 views

PT-2026-46988

Name of the Vulnerable Software and Affected Versions Omni affected versions not specified Description An authenticated Operator can perform a same-host path traversal by exploiting the managementServer.CreateSchematic internal/backend/grpc/schematics.go function. The issue occurs because the...

2.7CVSS5.9AI score0.00043EPSS
Exploits0References6
Chainguard
Chainguard
added 2026/02/26 7:17 p.m.10 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: cerbos, ratify, argocd-image-updater, crossplane-provider-keycloak, kots, kubescape, helm, crossplane-provider-aws-sns, crossplane-provider-aws-rds, helm-push, crossplane-provider-azure-authorization, omni-fips, trivy-operator-fips, wolfictl, hydra-fips, q,...

9.8CVSS6.7AI score0.00397EPSS
Exploits0
Chainguard
Chainguard
added 2026/01/28 1:17 a.m.5 views

GHSA-JQC5-W2XX-5VQ4 vulnerabilities

Vulnerabilities for packages: zarf, kyverno-notation-aws, cosign-fips, tekton-chains, kubescape, flux-source-controller-fips, teleport-operator-fips, skaffold-fips, tkn, goreleaser, vexctl, tekton-chains-fips, spire-server, trivy-operator-fips, buildkitd, image-factory-fips, trivy, gitsign,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/01/28 1:17 a.m.10 views

CVE-2026-24686 vulnerabilities

Vulnerabilities for packages: zarf, kyverno-notation-aws, cosign-fips, tekton-chains, kubescape, flux-source-controller-fips, teleport-operator-fips, skaffold-fips, tkn, goreleaser, vexctl, tekton-chains-fips, spire-server, trivy-operator-fips, buildkitd, image-factory-fips, trivy, gitsign,...

4.7CVSS6.1AI score0.00211EPSS
Exploits1
Packet Storm
Packet Storm
added 2011/02/11 12:0 a.m.35 views

Horde Local File Inclusion

Exploit Title: Horde HordeImage::factory driver Argument Local File Inclusion Google Dork: intitle:horde Date: 10-02-2011 Author: skysbsb Software Link: http://www.horde.org/download/ Version: Horde 3.3.2 Tested on: linux CVE : CVE-2009-0932 The original disclosure was done by Gunnar Wrobel from...

6.4CVSS7.6AI score0.41263EPSS
Exploits8
exploitpack
exploitpack
added 2011/02/11 12:0 a.m.26 views

Horde - Horde_Image::factory driver Argument Local File Inclusion

Horde - HordeImage::factory driver Argument Local File Inclusion Exploit Title: Horde HordeImage::factory driver Argument Local File Inclusion Google Dork: intitle:horde Date: 10-02-2011 Author: skysbsb Software Link: http://www.horde.org/download/ Version: Horde 3.3.2 Tested on: linux CVE :...

6.4CVSS0.1AI score0.41263EPSS
Exploits8
Rows per page
Query Builder