CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

EUVD•added 2026/04/24 3:19 p.m.•3 views

EUVD-2026-25280

Contour has Lua code injection via Cookie Path Rewrite Policy...

8.1CVSS5.3AI score0.00071EPSS

Exploits0References7

RedhatCVE•added 2026/03/26 2:57 p.m.•1 views

CVE-2026-26308

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating eac...

8.2CVSS5.8AI score0.00003EPSS

Exploits1References1

OSV•added 2025/10/21 8:26 p.m.•2 views

GHSA-H773-7GF7-9M2X NeuVector is shipping cryptographic material into its binary

Impact NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. In the patched version, NeuVector leverages the Kubernetes secre...

6.5CVSS6.8AI score0.00046EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-2497

Malicious code in bioql PyPI...

9.9CVSS9.1AI score0.00919EPSS

Exploits1References10

RedhatCVE•added 2025/05/23 6:9 a.m.•1 views

CVE-2023-25163

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error...

6.5CVSS6.9AI score0.00121EPSS

Exploits0References1

OSV•added 2024/03/15 4:33 p.m.•18 views

GHSA-G623-JCGG-MHMM Users with `create` but not `override` privileges can perform local sync

Impact "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper...

6.4CVSS6.5AI score0.00024EPSS

Exploits0References5

OSV•added 2024/03/15 7:17 a.m.•18 views

BIT-ARGO-CD-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

6.4CVSS6.6AI score0.00024EPSS

Exploits0References4

RedhatCVE•added 2024/03/14 5:7 a.m.•22 views

CVE-2023-50726

A flaw was found in the Argo CD package. An improper validation bug allows users to sync local manifests on app creation, who have create privileges but not override privileges. All other restrictions, including AppProject restrictions, are still enforced. The only restriction that is not enforce...

6.4CVSS6.3AI score0.00024EPSS

Exploits0References6

NVD•added 2024/03/13 9:15 p.m.•12 views

CVE-2023-50726

6.4CVSS6.7AI score0.00024EPSS

Exploits0References3

Prion•added 2024/03/13 9:15 p.m.•18 views

Input validation

5.5CVSS7AI score0.00024EPSS

Exploits0References3

Vulnrichment•added 2024/03/13 8:50 p.m.•13 views

CVE-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

6.4CVSS6.4AI score0.00024EPSS

Exploits0References3

Cvelist•added 2024/03/13 8:50 p.m.•25 views

CVE-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

6.4CVSS6.6AI score0.00024EPSS

Exploits0References3

Positive Technologies•added 2024/03/13 12:0 a.m.•2 views

PT-2024-2562 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.2.0-rc1 through 2.10.2 Argo CD versions 1.2.0-rc1 through 2.9.7 Argo CD versions 1.2.0-rc1 through 2.8.11 Description: The issue is related to improper validation in Argo CD, a declarative, GitOps continuous delivery tool f...

6.4CVSS7.3AI score0.00024EPSS

Exploits0References14

OSV•added 2024/03/06 10:50 a.m.•20 views

BIT-ARGO-CD-2023-40029

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored inkubectl.kubernetes.io/last-applied-configuration annotation. pull request 7139 introduced the ability ...

9.9CVSS9.2AI score0.00919EPSS

Exploits1References3

Github Security Blog•added 2023/09/11 12:59 p.m.•32 views

Argo CD cluster secret might leak in cluster details page

Impact Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored inkubectl.kubernetes.io/last-applied-configuration annotation. https://github.com/argoproj/argo-cd/pull/7139 introduced the ability to manage cluster labels and...

9.9CVSS6.6AI score0.00919EPSS

Exploits1References10Affected Software1

NVD•added 2023/09/07 11:15 p.m.•18 views

CVE-2023-40029

9.9CVSS9.4AI score0.00919EPSS

Exploits1References3

Prion•added 2023/09/07 11:15 p.m.•17 views

Design/Logic Flaw

5.5CVSS9.1AI score0.00919EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2023/09/07 10:11 p.m.•18 views

CVE-2023-40029 Cluster secret might leak in cluster details page in Argo CD