CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

162 matches found

Positive Technologies•added 2 days ago•6 views

PT-2026-46125

Summary The environment variables KERNEL XXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...

10CVSS6.4AI score

Exploits0References3

Hive Pro Threat Advisories•added 2026/05/29 10:20 a.m.•14 views

Kubernetes Security Scanning: A DevSecOps Guide

A clean container image is not proof of a secure Kubernetes workload. New CVEs, unsafe configurations, and excessive permissions can turn an approved deployment into an active exposure. Contact Hive Pro to review your Kubernetes container security priorities. Kubernetes security scanning is the...

5.8AI score

Exploits0

OSV•added 2026/05/21 9:40 p.m.•4 views

GHSA-FQW6-GF59-QR4W containerd user ID handling bypass allows runAsNonRoot evasion

Impact A bug was found in containerd where containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as...

7.3CVSS5.7AI score

Exploits1References2

Snyk•added 2026/05/21 9:40 p.m.•6 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via improper handling of numeric User directives in container configuration. An attacker can gain elevated privileges by supplying a crafted image with an /etc/passwd file that...

7.1CVSS5.7AI score

Exploits1References2

Packet Storm News•added 2026/03/27 12:0 a.m.•0 views

SPARK: Secure Predictive Autoscaling for Robust Kubernetes

Achieving high availability and robust security in Kubernetes requires more than reactive scaling and standard perimeter firewalls. Traditional autoscalers, such as HPA, often fail to react quickly to traffic spikes and cannot distinguish between legitimate flash crowds and DDoS attacks. We prese...

5.9AI score

Exploits0

CNNVD•added 2026/03/20 12:0 a.m.•2 views

Kubernetes（K8s）安全漏洞

Kubernetes K8s is an open-source system developed under the Kubernetes project, used for automated deployment, scaling, and management of containerized applications. There is a security vulnerability in Kubernetes K8s, which stems from insufficient validation of the subDir parameter in volume...

6.5CVSS6.6AI score0.00113EPSS

Exploits0References3

Snyk•added 2026/03/18 4:41 a.m.•2 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00063EPSS

Exploits1References2

OSV•added 2026/02/17 6:47 p.m.•2 views

SUSE-SU-2026:0572-1 Security update for kubernetes

This update for kubernetes rebuilds it against the current GO security release...

5.4AI score

Exploits0References1

Github Security Blog•added 2026/02/12 10:6 p.m.•3 views

Unauthenticated Admission Webhook Endpoints in Yoke ATC

Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS6.4AI score0.00118EPSS

Exploits1References4Affected Software1

OSV•added 2026/01/30 4:29 p.m.•0 views

CLEANSTART-2026-IB84500 security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion

Multiple security vulnerabilities affect the kubernetes-fips package. A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00007EPSS

Exploits0References6

RedhatCVE•added 2026/01/09 8:33 a.m.•4 views

CVE-2024-39690

Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant i.e., namespaces without the ownerReference field, thereby gaining control of that namespace. Version...

8.8CVSS6.6AI score0.00206EPSS

Exploits1References1

IBM Security Bulletins•added 2025/11/20 2:27 p.m.•5 views

Security Bulletin: Astronomer with IBM is vulnerable to authorization bypass due to the Kubernetes NodeRestriction functionality (CVE-2025-4563)

Summary Kubernetes is used by Astronomer with IBM as part of overall processing and deployment. Vulnerability Details CVEID:CVE-2025-4563 DESCRIPTION: A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When t...

2.7CVSS7.6AI score0.00112EPSS

Exploits0Affected Software1

EUVD•added 2025/11/06 12:23 a.m.•3 views

EUVD-2025-37859

MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...

8.7CVSS5.9AI score0.00048EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-13482

Malware in sbrugna...

7.2CVSS6.9AI score0.00329EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2016-6341

Malware in sbrugna...

6.8CVSS6.4AI score0.00181EPSS

Exploits0References4