CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

569 matches found

Chainguard•added last week•4 views

GHSA-WFQV-66VQ-46RM vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws, kyverno-notation-aws-fips...

5.8AI score

Exploits0

Chainguard•added last week•5 views

CVE-2026-24122 vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws, kyverno-notation-aws-fips...

3.7CVSS5.8AI score0.00197EPSS

Exploits2

Wolfi•added last week•5 views

CVE-2026-24122 vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws...

3.7CVSS5.2AI score0.00197EPSS

Exploits2

Wolfi•added last week•4 views

GHSA-WFQV-66VQ-46RM vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws...

5.2AI score

Exploits0

OSV•added 2026/06/11 12:37 a.m.•5 views

CLEANSTART-2026-KV53168 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU

Security vulnerability affects the kyverno-policy-reporter-kyverno-plugin package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

9.8CVSS5.5AI score0.00384EPSS

Exploits0References3

RedhatCVE•added 2026/06/05 7:25 p.m.•8 views

CVE-2026-44245

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses...

6.1CVSS5.6AI score0.00183EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:21 p.m.•7 views

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

9.1CVSS5.4AI score0.0056EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:21 p.m.•6 views

CVE-2026-41068

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

7.7CVSS5.5AI score0.00266EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:20 p.m.•7 views

CVE-2026-41485

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

7.7CVSS5.5AI score0.00369EPSS

Exploits1References1

Chainguard•added 2026/06/04 7:17 p.m.•7 views

GHSA-VVGJ-X9JQ-8CJ9 vulnerabilities

Vulnerabilities for packages: rke2-runtime, coredns, rke2-runtime-fips, kube-metrics-adapter-fips, opentelemetry-operator-fips, k3s, kyverno-policy-reporter-plugins-trivy, teleport, k8sgateway-fips, syncthing-fips, traefik, traefik-fips, kube-metrics-adapter, kyverno-policy-reporter-fips,...

5.8AI score

Exploits0

Chainguard•added 2026/06/04 7:17 p.m.•9 views

CVE-2026-40898 vulnerabilities

7.5CVSS5.8AI score0.00488EPSS

Exploits0

Wolfi•added 2026/06/02 1:48 a.m.•9 views

GHSA-WRH2-89VG-4J9G vulnerabilities

Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...

5.8AI score

Exploits0

Wolfi•added 2026/06/02 1:48 a.m.•11 views

GHSA-W9P8-PVXH-RXPJ vulnerabilities

5.8AI score

Exploits0

Wolfi•added 2026/06/02 1:48 a.m.•11 views

GHSA-M9X8-M34X-FJ9Q vulnerabilities

5.8AI score

Exploits0

Wolfi•added 2026/06/02 1:48 a.m.•13 views

GHSA-CG87-VWWH-XVGJ vulnerabilities