Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.19.0-1 Update
Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container, custom-metrics-autoscaler-admission-webhooks-container...
CVE-2026-42506 affecting package keda for versions less than 2.14.1-13
CVE-2026-42506 affecting package keda for versions less than 2.14.1-13. A patched version of the package is available...
CVE-2026-27136 affecting package keda for versions less than 2.14.1-13
CVE-2026-27136 affecting package keda for versions less than 2.14.1-13. A patched version of the package is available...
CVE-2026-39821 affecting package keda for versions less than 2.14.1-13
CVE-2026-39821 affecting package keda for versions less than 2.14.1-13. A patched version of the package is available...
CVE-2026-35469 affecting package keda for versions less than 2.14.1-12
CVE-2026-35469 affecting package keda for versions less than 2.14.1-12. A patched version of the package is available...
CLEANSTART-2026-QS87161 Security fixes for CVE-2026-24051, CVE-2026-26958, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-39882, CVE-2026-40179, CVE-2026-41889, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-8rm2-7qqf-34qm, ghsa-9h8m-3fm2-qjrq, ghsa-9jj7-4m8r-rfcm, ghsa-fw7p-63qq-7hpr, ghsa-fw8g-cg8f-9j28, ghsa-j88v-2chj-qfwx, ghsa-p77j-4mvh-x3m3, ghsa-vffh-x6r8-xx99, ghsa-w8rr-5gcm-pp58, ghsa-wg65-39gg-5wfj, ghsa-xmrv-pmrh-hhx2 applied in versions: 2.19.0-r0, 2.19.0-r1, 2.19.0-r2, 2.19.0-r3
Multiple security vulnerabilities affect the keda package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-AP95632 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-39882, CVE-2026-39883, CVE-2026-40179, CVE-2026-41889, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-78h2-9frx-2jm8, ghsa-8rm2-7qqf-34qm, ghsa-9jj7-4m8r-rfcm, ghsa-fw8g-cg8f-9j28, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-p77j-4mvh-x3m3, ghsa-vffh-x6r8-xx99, ghsa-w8rr-5gcm-pp58, ghsa-wg65-39gg-5wfj, ghsa-xmrv-pmrh-hhx2 applied in versions: 2.18.3-r3
Multiple security vulnerabilities affect the keda-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: caddy, commercial-chainloop-backend, sftpgo-plugin-eventsearch, step-issuer, kube-bench, ory-kratos, dapr, ferretdb, grafana, azure-service-operator-fips, goose, kube-bench-fips, envoy-gateway-fips, opentelemetry-collector-contrib, seaweedfs-rocksdb, openfga,...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, temporal-server, telegraf, cerbos, dapr, gitaly, seaweedfs, step, bento, opentelemetry-collector-contrib, temporal, ferretdb, steampipe, src, jitsucom-bulker, step-ca, rke2-cloud-provider, openfga, grafana-alloy, caddy, sqlexporter, gitlab-kas,...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: caddy, commercial-chainloop-backend, sftpgo-plugin-eventsearch, step-issuer, kube-bench, ory-kratos, dapr, ferretdb, grafana, azure-service-operator-fips, goose, kube-bench-fips, envoy-gateway-fips, opentelemetry-collector-contrib, seaweedfs-rocksdb, openfga,...
CLEANSTART-2026-OW78143 Security fixes for CVE-2025-68156, CVE-2026-24051, CVE-2026-26958, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 2.18.3-r0, 2.18.3-r1
Multiple security vulnerabilities affect the keda package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-JF28061 Security fixes for CVE-2026-24051, CVE-2026-26958, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 2.19.0-r0, 2.19.0-r1
Multiple security vulnerabilities affect the keda package. These issues are resolved in later releases. See references for individual vulnerability details...
Arbitrary File Read
github.com/kedacore/keda is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient path validation when loading the Service Account Token from spec.hashiCorpVault.credential.serviceAccount, which allows an attacker with permission to create or modify a TriggerAuthentication...
CVE-2025-47911 affecting package keda for versions less than 2.14.1-11
CVE-2025-47911 affecting package keda for versions less than 2.14.1-11. A patched version of the package is available...
CVE-2025-11065 affecting package keda for versions less than 2.14.1-11
CVE-2025-11065 affecting package keda for versions less than 2.14.1-11. A patched version of the package is available...
CVE-2025-58190 affecting package keda for versions less than 2.14.1-11
CVE-2025-58190 affecting package keda for versions less than 2.14.1-11. A patched version of the package is available...
CVE-2026-2303 affecting package keda for versions less than 2.14.1-11
CVE-2026-2303 affecting package keda for versions less than 2.14.1-11. A patched version of the package is available...
CVE-2025-11065 affecting package keda for versions less than 2.4.0-32
CVE-2025-11065 affecting package keda for versions less than 2.4.0-32. A patched version of the package is available...
CVE-2025-30204 affecting package keda for versions less than 2.4.0-32
CVE-2025-30204 affecting package keda for versions less than 2.4.0-32. A patched version of the package is available...
CVE-2025-47911 affecting package keda for versions less than 2.4.0-32
CVE-2025-47911 affecting package keda for versions less than 2.4.0-32. A patched version of the package is available...