29 matches found
CVE-2026-44882 Portainer: Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer...
PT-2026-41142
Name of the Vulnerable Software and Affected Versions portainer-ce versions 2.33.0 through 2.33.7 portainer-ce-agent versions 2.33.0 through 2.33.7 Description An authorization bypass exists in the middleware layer kubeClientMiddleware within the api/http/handler/kubernetes/handler.go file. The...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.19.3 security update
Important: Red Hat OpenShift GitOps v1.19.3 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-9158 OpenShift Gitops Operator v1.19.2 has hardcoded pod-security labels which conflict OCP = 4.16 GITOPS-9587 multiple CVEs in ose-kube-rbac-pro...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...
GitLab 15.10 < 18.3.6 / 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-11224)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stor...
BIT-GITLAB-2025-11224 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality...
CVE-2025-11224
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality...
CVE-2025-11224
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality...
UBUNTU-CVE-2025-11224
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality...
CVE-2025-11224
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality...
CVE-2025-11224
GitLab CE/EE prior to 18.3.6 (for 15.10 series), prior to 18.4.4, and prior to 18.5.2 were affected by a vulnerability in the Kubernetes proxy input validation that could allow an authenticated user to execute stored cross-site scripting. The issue is caused by improper input validation in the Ku...
CVE-2025-11224 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality...
CVE-2025-11224
Removed by vendor...
CVE-2025-11224 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality...
CVE-2025-11224 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality...
GitLab CE/EE 跨站脚本漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab CE/EE versions prior to 18.3.6,...
Linux Distros Unpatched Vulnerability : CVE-2025-11224
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allow...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in k8s proxy impacts GitLab CE/EE Incorrect Authorization issue in workflows impacts GitLab EE Information Disclosure issue in GraphQL subscriptions impacts GitLab CE/EE Information Disclosure issue in access control impacts GitLab CE/EE Prompt Injection...
Security Bulletin: IBM Financial Transaction Manager is impacted by a DNS cache poisoning vulnerability in RedHat Proxy for Kubernetes RBAC authorization
Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2025-40778 DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into t...
EUVD-2024-34001
Malicious code in bioql PyPI...