396 matches found

EUVD
added 2 days ago, 12 views

EUVD-2026-36101

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container...

4.9 CVSS, 5.8 AI score, 0.00255 EPSS
Exploits 0, References 5

EUVD
added 2 days ago, 11 views

EUVD-2026-36098

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover...

9.9 CVSS, 5.8 AI score, 0.003 EPSS
Exploits 0, References 7

EUVD
added 2 days ago, 9 views

EUVD-2026-36094

Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration...

7.7 CVSS, 5.9 AI score, 0.00231 EPSS
Exploits 0, References 5

OSSF Malicious Packages
added 2026/06/24 11:4 p.m., 8 views

Malicious code in serverless-convention (npm)

The serverless-convention npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.2 AI score
Exploits 0, References 3

OSV
added 2026/06/24 11:4 p.m., 4 views

MAL-2026-6434 Malicious code in serverless-convention (npm)

The serverless-convention npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.2 AI score
Exploits 0, References 3

OSSF Malicious Packages
added 2026/06/24 11:4 p.m., 8 views

Malicious code in serverless-leo (npm)

The serverless-leo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.9 AI score
Exploits 0, References 3

OSV
added 2026/06/24 11:4 p.m., 4 views

MAL-2026-6435 Malicious code in serverless-leo (npm)

The serverless-leo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.9 AI score
Exploits 0, References 3

NVD
added 2026/06/10 6:17 p.m., 10 views

CVE-2026-50545

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...

9.9 CVSS, 0.003 EPSS
Exploits 0, References 4

NVD
added 2026/06/10 6:17 p.m., 15 views

CVE-2026-46614

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object,...

9.8 CVSS, 0.00353 EPSS
Exploits 0, References 4

EUVD
added 2026/06/10 5:34 p.m., 11 views

EUVD-2026-36074

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs ValidatePodSpecSafety /...

8.5 CVSS, 5.5 AI score, 0.00274 EPSS
Exploits 0, References 3

EUVD
added 2026/06/10 5:31 p.m., 9 views

EUVD-2026-36072

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefix(path,...

3.6 CVSS, 5.4 AI score, 0.00114 EPSS
Exploits 0, References 4

Positive Technologies
added 2026/06/10 12:0 a.m., 14 views

PT-2026-48508

Name of the Vulnerable Software and Affected Versions: Fission versions prior to 1.24.0. Description: Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. The Container Executor path allows a tenant to directly supply...

9.9 CVSS, 5.8 AI score, 0.00274 EPSS
Exploits 0, References 9

Positive Technologies
added 2026/06/10 12:0 a.m., 15 views

PT-2026-48505

Name of the Vulnerable Software and Affected Versions: Fission versions prior to 1.24.0. Description: An issue exists in the Fission serverless framework where the admission webhook fails to validate the namespace for the PackageRef.Namespace reference type. While Secret and ConfigMap reference type...

7.7 CVSS, 5.5 AI score, 0.00265 EPSS
Exploits 0, References 10

Positive Technologies
added 2026/06/10 12:0 a.m., 11 views

PT-2026-48503

Name of the Vulnerable Software and Affected Versions: Fission versions prior to 1.24.0. Description: Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. The buildermgr controller processes Package Custom Resource Definitions...

7.7 CVSS, 6 AI score, 0.00231 EPSS
Exploits 0, References 8

Positive Technologies
added 2026/06/10 12:0 a.m., 12 views

PT-2026-48504

Name of the Vulnerable Software and Affected Versions: Fission versions prior to 1.24.0. Description: Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. A flaw exists where a low-privilege developer with permissions to creat...

7.7 CVSS, 5.8 AI score, 0.00231 EPSS
Exploits 0, References 9

Wiz blog
added 2026/05/19 1:17 p.m., 25 views

Introducing Runtime Threat Detection for Google Cloud Run

Wiz Runtime Sensor support for Google Cloud Run Containers is now generally available, giving teams real-time threat detection and response for their serverless container workloads...

5.8 AI score
Exploits 0

Snyk
added 2026/04/14 11:47 a.m., 4 views

Malicious Package

Overview: okfe-serverless-conf is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2

OSSF Malicious Packages
added 2026/04/14 11:47 a.m., 5 views

Malicious code in okfe-serverless-conf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74a72b0853bd9a530292e0f2f74d820ea396dd35650bb3537cf4b2d8705e0dc The package okfe-serverless-conf was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits 0, References 1

OSV
added 2026/04/14 11:47 a.m., 4 views

MAL-2026-2646 Malicious code in okfe-serverless-conf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74a72b0853bd9a530292e0f2f74d820ea396dd35650bb3537cf4b2d8705e0dc The package okfe-serverless-conf was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits 0, References 1

EUVD
added 2026/03/26 6:41 p.m., 6 views

EUVD-2026-14982

Astro: Unauthenticated Path Override via x-astro-path / xastropath...

9.1 CVSS, 5.8 AI score, 0.00331 EPSS
Exploits 1, References 7