Lucene search
+L

9298 matches found

Nuclei
Nuclei
added 15 hours ago255 views

MinIO Operator Console Authentication Bypass

MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. id: CVE-2021-41266 info: name: MinIO Operator...

9.8CVSS8.3AI score0.46706EPSS
Exploits1References5
Nuclei
Nuclei
added 15 hours ago96 views

KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access

KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds. id: CVE-2023-22478 info: name: KubePi = v1.6.4 LoginLogsSearch - Unauthorized Access autho...

7.5CVSS7.1AI score0.03573EPSS
Exploits0References5
Nuclei
Nuclei
added 15 hours ago22 views

Kubernetes API Server - YAML Parsing DoS (Billion Laughs)

The Kubernetes API server is vulnerable to a denial of service attack via YAML/JSON parsing. An attacker can send a specially crafted YAML/JSON payload that causes exponential memory consumption Billion Laughs attack, leading to API server crash. id: CVE-2019-11253 info: name: Kubernetes API Serv...

7.5CVSS6.3AI score0.25939EPSS
Exploits2References3
Nuclei
Nuclei
added 15 hours ago30 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS7.2AI score0.31809EPSS
Exploits8References3
Nuclei
Nuclei
added yesterday77 views

KubeView <=0.1.31 - Information Disclosure

KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possib...

9.8CVSS8.5AI score0.51696EPSS
Exploits1References5
OSV
OSV
added 2 days ago5 views

GHSA-CWXQ-RC9X-2JVV Skipper: Unbounded Request Body Read in Admission Webhook Causes Memory Exhaustion DoS

Summary The Kubernetes admission webhook handler reads the entire request body using io.ReadAllr.Body without any size limit. Any client that can reach the webhook port within the cluster can send a multi-GB payload, causing the skipper process to exhaust memory and be OOM-killed. This disrupts a...

4.3CVSS5.5AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2 days ago10 views

Skipper: Unbounded Request Body Read in Admission Webhook Causes Memory Exhaustion DoS

Summary The Kubernetes admission webhook handler reads the entire request body using io.ReadAllr.Body without any size limit. Any client that can reach the webhook port within the cluster can send a multi-GB payload, causing the skipper process to exhaust memory and be OOM-killed. This disrupts a...

5.5AI score
Exploits0References3Affected Software1
Nuclei
Nuclei
added 2 days ago620 views

Debug Endpoint pprof - Exposure Detection

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8,...

8.2CVSS6.7AI score0.61139EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago46 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8CVSS7.2AI score0.34677EPSS
Exploits7References3
Nuclei
Nuclei
added 2 days ago82 views

KubeOperator Foreground `kubeconfig` - File Download

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...

9.8CVSS8.1AI score0.66768EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago414 views

Ingress-Nginx Controller - Remote Code Execution

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

9.8CVSS7.8AI score0.99098EPSS
Exploits20References5
NVD
NVD
added 3 days ago7 views

CVE-2026-44181

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable ...

10CVSS0.0046EPSS
Exploits0References2
NVD
NVD
added 3 days ago9 views

CVE-2026-44182

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions prior to 3.3.0, the server interpolates untrusted environment variables e.g., KERNELXXX into Kubernetes manifests without YAML-aware escapin...

10CVSS0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-44182 Jupyter Enterprise Gateway Has Kubernetes Manifest Injection via Jinja2 Template Rendering

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions prior to 3.3.0, the server interpolates untrusted environment variables e.g., KERNELXXX into Kubernetes manifests without YAML-aware escapin...

10CVSS0.00347EPSS
Exploits0References2
CVE
CVE
added 3 days ago30 views

CVE-2026-44182

CVE-2026-44182 affects Jupyter Enterprise Gateway before v3.3.0, where untrusted environment variables (KERNEL_XXX) are interpolated into Kubernetes manifests via a Jinja2 template without YAML-aware escaping. This YAML-injection can overwrite keys like securityContext, inject multi-document YAML...

10CVSS6.2AI score0.00347EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-44182 Jupyter Enterprise Gateway Has Kubernetes Manifest Injection via Jinja2 Template Rendering

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions prior to 3.3.0, the server interpolates untrusted environment variables e.g., KERNELXXX into Kubernetes manifests without YAML-aware escapin...

10CVSS5.7AI score0.00347EPSS
Exploits0References4
CVE
CVE
added 3 days ago60 views

CVE-2026-44181

This CVE (CVE-2026-44181) affects Jupyter Enterprise Gateway (versions 2.0.0rc2–

10CVSS6.2AI score0.0046EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-44181 Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection results in Remote Code Execution

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable ...

10CVSS0.0046EPSS
Exploits0References2
OSV
OSV
added 3 days ago9 views

CVE-2026-44181 Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection results in Remote Code Execution

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable ...

10CVSS5.9AI score0.0046EPSS
Exploits0References4
NVD
NVD
added 3 days ago8 views

CVE-2026-62994

CoreDNS is a DNS server written in Go. From 1.9.4 until 1.14.5, a network DNS client allowed to request AXFR for a CoreDNS zone can trigger a panic when CoreDNS is configured with k8sexternal headless-service zone transfers and Kubernetes contains a headless service endpoint with no declared port...

3.7CVSS0.00275EPSS
Exploits0References4
Rows per page
Query Builder