86 matches found
GHSA-VVGJ-X9JQ-8CJ9 vulnerabilities
Vulnerabilities for packages: kargo, kubo, kyverno-policy-reporter-ui, teleport, prometheus-blackbox-exporter, q, frp, kube-metrics-adapter, k8sgateway, kyverno-policy-reporter, coredns, spegel, traefik, ipfs-cluster, kubernetes-dns-node-cache, k3s, dkron, opentelemetry-operator...
CVE-2026-40898 vulnerabilities
Vulnerabilities for packages: kargo, kubo, kyverno-policy-reporter-ui, teleport, prometheus-blackbox-exporter, q, frp, kube-metrics-adapter, k8sgateway, kyverno-policy-reporter, coredns, spegel, traefik, ipfs-cluster, kubernetes-dns-node-cache, k3s, dkron, opentelemetry-operator...
CVE-2026-42350
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: kyverno, nfpm, trivy, dagger, tfsec, kaniko, kots, kubevela, trivy-operator, wolfictl, osv-scanner, grafana-alloy, gitaly, argocd-image-updater, flux-image-automation-controller, teleport, zot, gitlab-runner, goreleaser, argo-events, guac, cerbos, xeol, gomplate,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: melange, kubescape-server-fips, trivy-operator, flux-source-controller, redpanda-console, amazon-ssm-agent, nemo, coder-fips, gitaly-fips, gitlab-rails-ce, chainctl, argo-events, nuclei, src-fingerprint-fips, scorecard, pulumi-language-dotnet, kyverno, grype, xeol,...
CVE-2026-42350
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
CVE-2026-42350
Kargo Open Redirect in UI OIDC Login Flow (CVE-2026-42350). Affected versions: prior to 1.7.10, 1.8.13, 1.9.8, and 1.10.2. Root cause: open redirect via the redirectTo query parameter in the UI OIDC login flow. Impact: describes an open redirect vulnerability with potential to redirect users to e...
CVE-2026-42350
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
EUVD-2026-28857
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
PT-2026-39215
Name of the Vulnerable Software and Affected Versions: Kargo versions prior to 1.7.10; Kargo versions prior to 1.8.13; Kargo versions prior to 1.9.8; Kargo versions prior to 1.10.2. Description: Kargo, which manages and automates the promotion of software artifacts, contains an open redirect in the UI...
kargo input validation error vulnerability
Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo prior to 1.7.10, 1.8.13, 1.9.8, and 1.10.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from the open redirection present in the UI OIDC login process via the...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: melange, kubescape-server-fips, trivy-operator, flux-source-controller, amazon-ssm-agent, nemo, flux-image-automation-controller-fips, gitaly-fips, gitlab-rails-ce, chainctl, argo-events, nuclei, src-fingerprint-fips, scorecard, pulumi-language-dotnet, kyverno, grype...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: melange, kubescape-server-fips, trivy-operator, flux-source-controller, amazon-ssm-agent, nemo, flux-image-automation-controller-fips, gitaly-fips, gitlab-rails-ce, chainctl, argo-events, nuclei, src-fingerprint-fips, scorecard, pulumi-language-dotnet, kyverno, grype...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: melange, kubescape-server-fips, trivy-operator, flux-source-controller, amazon-ssm-agent, nemo, flux-image-automation-controller-fips, gitaly-fips, gitlab-rails-ce, chainctl, argo-events, nuclei, src-fingerprint-fips, scorecard, pulumi-language-dotnet, kyverno, grype...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: kyverno, nfpm, trivy, dagger, tfsec, kaniko, kots, kubevela, trivy-operator, wolfictl, osv-scanner, grafana-alloy, gitaly, argocd-image-updater, flux-image-automation-controller, teleport, zot, gitlab-runner, argo-events, guac, cerbos, xeol, gomplate, melange, chezmo...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: kyverno, nfpm, trivy, dagger, tfsec, kaniko, kots, kubevela, trivy-operator, wolfictl, osv-scanner, grafana-alloy, gitaly, argocd-image-updater, flux-image-automation-controller, teleport, zot, gitlab-runner, argo-events, guac, cerbos, xeol, gomplate, melange, chezmo...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: kyverno, nfpm, trivy, dagger, tfsec, kaniko, kots, kubevela, trivy-operator, wolfictl, osv-scanner, grafana-alloy, gitaly, argocd-image-updater, flux-image-automation-controller, teleport, zot, gitlab-runner, argo-events, guac, cerbos, xeol, gomplate, melange, chezmo...
GHSA-JHF3-XXHW-2WPP vulnerabilities
Vulnerabilities for packages: kyverno, nfpm, trivy, dagger, tfsec, kaniko, kots, kubevela, trivy-operator, wolfictl, osv-scanner, grafana-alloy, gitaly, argocd-image-updater, flux-image-automation-controller, teleport, zot, gitlab-runner, argo-events, guac, cerbos, xeol, gomplate, melange, chezmo...