151 matches found
Azure Linux 3.0 Security Update: keda (CVE-2025-29923)
The version of keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29923 advisory. - go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7....
CVE-2025-68476 affecting package keda for versions less than 2.14.1-9
CVE-2025-68476 affecting package keda for versions less than 2.14.1-9. A patched version of the package is available...
GO-2025-4257 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda...
CVE-2025-68156 affecting package keda for versions less than 2.14.1-8
CVE-2025-68156 affecting package keda for versions less than 2.14.1-8. A patched version of the package is available...
CVE-2025-68476
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...
AZL-72868 CVE-2025-68476 affecting package keda for versions less than 2.14.1-9
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...
EUVD-2025-204753
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
Impact An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account...
PT-2025-52724
Name of the Vulnerable Software and Affected Versions KEDA versions prior to 2.17.3 KEDA versions prior to 2.18.3 Description KEDA is a Kubernetes-based Event Driven Autoscaling component. A flaw exists in KEDA that could allow an attacker with permissions to create or modify a...
AZL-72736 CVE-2025-68156 affecting package keda for versions less than 2.14.1-9
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
Moderate: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.17.2-1 Update
Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...
CVE-2025-22872 affecting package keda for versions less than 2.14.1-7
CVE-2025-22872 affecting package keda for versions less than 2.14.1-7. A patched version of the package is available...
CVE-2024-51744 affecting package keda for versions less than 2.14.1-6
CVE-2024-51744 affecting package keda for versions less than 2.14.1-6. A patched version of the package is available...
CVE-2025-22870 affecting package keda for versions less than 2.14.1-6
CVE-2025-22870 affecting package keda for versions less than 2.14.1-6. A patched version of the package is available...
Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.15.1-6 Update
Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...
AZL-60450 CVE-2025-22872 affecting package keda for versions less than 2.14.1-7
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
Azure Linux 3.0 Security Update: coredns / ig / keda (CVE-2025-29786)
The version of coredns / ig / keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29786 advisory. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if th...
CBL Mariner 2.0 Security Update: coredns / ig / keda (CVE-2025-29786)
The version of coredns / ig / keda installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29786 advisory. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if th...
Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.15.1-4 Update
Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...
CVE-2025-22870 affecting package keda for versions less than 2.4.0-29
CVE-2025-22870 affecting package keda for versions less than 2.4.0-29. A patched version of the package is available...