CVE-2025-11065 vulnerabilities
Vulnerabilities for packages: docker-compose-fips, gitlab-cng, beats-fips, boring-registry-fips, crossplane-fips, jitsucom-bulker, elastic-agent-fips, gitlab-cng-fips, ratify-fips, zitadel, k9s-fips, gitlab-runner-fips, bank-vaults, kyverno-notation-aws-fips, datadog-agent, grafana-mimir-fips,...
CVE-2023-49674
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-49673
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2025-66001
NeuVector supports login authentication through OpenID Connect. However, the TLS verification which verifies the remote server's authenticity and integrity for OpenID Connect is not enforced by default. As a result, this may expose the system to man-in-the-middle (MITM) attacks...
CVE-2025-66001 NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)
NeuVector supports login authentication through OpenID Connect. However, the TLS verification which verifies the remote server's authenticity and integrity for OpenID Connect is not enforced by default. As a result, this may expose the system to man-in-the-middle (MITM) attacks...
EUVD-2025-203112
NeuVector supports login authentication through OpenID Connect. However, the TLS verification which verifies the remote server's authenticity and integrity for OpenID Connect is not enforced by default. As a result, this may expose the system to man-in-the-middle (MITM) attacks...
CVE-2025-66001
NeuVector’s CVE-2025-66001 involves OpenID Connect authentication where TLS verification is not enforced by default, enabling potential MITM attacks. Affected context includes NeuVector’s OpenID Connect integration and related connection types (registry, auth servers, webhooks) where TLS verifica...
OS Command Injection
github.com/neuvector/neuvector is vulnerable to OS Command Injection. The vulnerability is due to unsanitized use of the environment variables CLUSTERRPCPORT and CLUSTERLANPORT in shell commands executed via popen, which allows an attacker to inject and execute arbitrary commands within the...
Use Of Hard-coded Cryptographic Key
github.com/neuvector/neuvector is vulnerable to use of hard-coded cryptographic key. The vulnerability is due to a cryptographic key being hard-coded and embedded in the source code at compilation time, which allows an attacker with access to the code or binaries to recover the key and decrypt...
NeuVector trust management issue vulnerability
NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. NeuVector suffers from a trust management issue vulnerability that stems from...
PT-2026-1851
Name of the Vulnerable Software and Affected Versions: NeuVector (affected versions not specified). Description: NeuVector supports login authentication through OpenID Connect. The TLS verification, which confirms the remote server's authenticity and integrity, is not enforced by default for OpenID...
GO-2025-4235 NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) in github.com/neuvector/neuvector
NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) in github.com/neuvector/neuvector...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to the lack of enforced TLS verification in the login authentication. An attacker can intercept sensitive information or manipulate authentication data by performing a man-in-the-middle attack. Note:...
GHSA-4JJ9-CGQC-X9H5 NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)
Impact: NeuVector supports login authentication through OpenID Connect. However, the TLS verification which verifies the remote server's authenticity and integrity for OpenID Connect is not enforced by default. As a result, this may expose the system to man-in-the-middle (MITM) attacks. Starting from...
CVE-2025-54471
NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...
CVE-2025-54469
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...
GO-2025-4044 NeuVector telemetry sender is vulnerable to MITM and DoS in github.com/neuvector/neuvector
NeuVector telemetry sender is vulnerable to MITM and DoS in github.com/neuvector/neuvector...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the enforcer, which uses environment variables without sanitization. An attacker can execute arbitrary commands or cause a buffer overflow by supplying crafted input to the affected component. Remediation: Upgrade...
GO-2025-4042 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector
NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2025-4043 NeuVector is shipping cryptographic material into its binary in github.com/neuvector/neuvector
NeuVector is shipping cryptographic material into its binary in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...