
8 matches found

Cvelist
added 2026/04/29 1:31 p.m., 26 views

CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins...

0.02742 EPSS
Exploits 0, References 1
Veracode
added 2026/03/18 7:27 a.m., 3 views

Arbitrary File Read

github.com/kedacore/keda is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient path validation when loading the Service Account Token from spec.hashiCorpVault.credential.serviceAccount, which allows an attacker with permission to create or modify a TriggerAuthentication...

8.2 CVSS, 7.4 AI score, 0.0019 EPSS
Exploits 0, References 2, Affected Software 1
OSV
added 2025/12/22 9:35 p.m., 6 views

CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

8.2 CVSS, 6.9 AI score, 0.0019 EPSS
Exploits 0, References 4
Vulnrichment
added 2025/12/22 9:35 p.m., 2 views

CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

8.2 CVSS, 6.7 AI score, 0.0019 EPSS
Exploits 0, References 2
Positive Technologies
added 2025/12/22 12:0 a.m., 2 views

PT-2025-52724

Name of the Vulnerable Software and Affected Versions: KEDA versions prior to 2.17.3; KEDA versions prior to 2.18.3. Description: KEDA is a Kubernetes-based Event Driven Autoscaling component. A flaw exists in KEDA that could allow an attacker with permissions to create or modify a...

8.2 CVSS, 6.3 AI score, 0.0019 EPSS
Exploits 0, References 11
SUSE CVE
added 2023/10/17 12:59 a.m., 1 views

SUSE CVE-2023-39332

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer...

7.5 CVSS, 7.9 AI score, 0.00521 EPSS
Exploits 0, References 3
CNNVD
added 2023/10/13 12:0 a.m., 1 views

Node.js path traversal vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A path traversal vulnerability exists in Node.js version 20.x, which stems from the node:fs function allowing paths to be specified as strings or Uint8Array objects...

9.8 CVSS, 6.8 AI score, 0.00521 EPSS
Exploits 0, References 6
GithubExploit
added 2022/01/19 2:5 p.m., 709 views

Exploit for Improper Input Validation in Kubernetes

About: It's an exploit for the CVE-2021-25741 vulnerability. This vu...

8.8 CVSS, 8.3 AI score, 0.33042 EPSS
Exploits 1