8 matches found

Veracode
added 2026/03/18 7:27 a.m. | 3 views

Arbitrary File Read

github.com/kedacore/keda is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient path validation when loading the Service Account Token from spec.hashiCorpVault.credential.serviceAccount, which allows an attacker with permission to create or modify a TriggerAuthentication...

CVSS 8.2 | AI score 7.4 | EPSS 0.0019
Exploits 0 | References 2 | Affected Software 1
SUSE CVE
added 2026/01/06 12:24 a.m. | 1 views

SUSE CVE-2025-68476

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

CVSS 8.2 | AI score 7 | EPSS 0.0019
Exploits 0 | References 2
OSV
added 2025/12/22 10:16 p.m. | 1 views

AZL-72868 CVE-2025-68476 affecting package keda for versions less than 2.14.1-9

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

CVSS 8.2 | AI score 7.2 | EPSS 0.0019
Exploits 0 | References 1
NVD
added 2025/12/22 10:16 p.m. | 5 views

CVE-2025-68476

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

CVSS 8.2 | EPSS 0.0019
Exploits 0 | References 2
CVE
added 2025/12/22 9:35 p.m. | 8 views

CVE-2025-68476

CVE-2025-68476 affects KEDA. Prior to versions 2.17.3 and 2.18.3, there is an Arbitrary File Read via insufficient path validation when loading the Service Account Token in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create/modify a TriggerAuthentication reso...

CVSS 8.2 | AI score 6.7 | EPSS 0.0019
Exploits 0 | References 2
OSV
added 2025/12/22 8:8 p.m. | 3 views

GHSA-C4P6-QG4M-9JMR: KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

Impact: An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account...

CVSS 8.2 | AI score 7.2 | EPSS 0.0019
Exploits 0 | References 4
Snyk
added 2025/12/22 8:8 p.m. | 1 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient validation of the serviceAccount path in the HashiCorp Vault authentication process. An attacker can access and exfiltrate arbitrary files from the node's filesystem by creating or modifying a...

CVSS 8.2 | AI score 7.8 | EPSS 0.0019
Exploits 0 | References 3
CNNVD
added 2025/12/22 12:0 a.m. | 2 views

keda security vulnerability

keda is open-source Kubernetes scaling software from KEDA. A security vulnerability exists in keda versions prior to 2.17.3 and prior to 2.18.3, which stems from insufficient path validation in TriggerAuthentication and could lead to arbitrary file reads...

CVSS 8.2 | AI score 7.6 | EPSS 0.0019
Exploits 0 | References 3