1060 matches found
CVE-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...
CVE-2026-28229
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...
CVE-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...
CVE-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the workflowtemplateserver and clusterworkflowtemplateserver components. An attacker can obtain sensitive information, such as embedded secrets and resource manifests, by sending unauthorized requests with a...
Unauthorized access to Argo Workflows Template
Summary Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. Details...
EUVD-2026-11196
Unauthorized access to Argo Workflows Template...
Argo Workflows 安全漏洞
Argo Workflows is an open-source, container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 4.0.2 and 3.7.11 contained security vulnerabilities. These vulnerabilities stemmed from the workflow template endpoints, which allowed any client to access...
Argo Workflows 安全漏洞
Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 4.0.2 and 3.7.11 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users to bypass all security settings in the...
PT-2026-24701
Name of the Vulnerable Software and Affected Versions Argo Workflows versions 2.9.0 through 4.0.1 Argo Workflows version 3.7.11 Description Argo Workflows is a container-native workflow engine for Kubernetes. A user who can submit Workflows can bypass security settings defined in a WorkflowTempla...
PT-2026-24700
Name of the Vulnerable Software and Affected Versions Argo Workflows versions prior to 4.0.2 and 3.7.11 Description Argo Workflows, an open source container-native workflow engine for Kubernetes, has an issue where Workflow templates endpoints allow any client to retrieve WorkflowTemplates and...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: cfssl-fips, k9s-fips, longhorn-share-manager-fips, terraform-provider-time-fips, coredns-fips, helm, xeol-fips, kaniko, flux-notification-controller, nri-rabbitmq, mcp-grafana, prometheus, wave, nri-rabbitmq-fips, dex-k8s-authenticator, consul-fips, kube-mgmt-fips,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: k9s-fips, longhorn-share-manager-fips, terraform-provider-time-fips, coredns-fips, helm, xeol-fips, flux-notification-controller, mcp-grafana, prometheus, dex-k8s-authenticator, consul-fips, terraform-provider-grafana, cerbos-fips, memcached-exporter-fips,...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: k9s-fips, longhorn-share-manager-fips, terraform-provider-time-fips, coredns-fips, helm, xeol-fips, kaniko, flux-notification-controller, nri-rabbitmq, mcp-grafana, prometheus, wave, nri-rabbitmq-fips, dex-k8s-authenticator, kratos, consul-fips, kube-mgmt-fips,...
CVE-2026-29063 vulnerabilities
Vulnerabilities for packages: vitess, rancher-api-ui, argo-workflows...
GHSA-WF6X-7X77-MVGW vulnerabilities
Vulnerabilities for packages: vitess, rancher-api-ui, argo-workflows...
CVE-2026-29063 vulnerabilities
Vulnerabilities for packages: argo-workflows, vitess, rancher-api-ui...
GHSA-WF6X-7X77-MVGW vulnerabilities
Vulnerabilities for packages: argo-workflows, vitess, rancher-api-ui...
Before You Hand over the Wheel: Evaluating LLMs for Security Incident Analysis
Security incident analysis SIA poses a major challenge for security operations centers, which must manage overwhelming alert volumes, large and diverse data sources, complex toolchains, and limited analyst expertise. These difficulties intensify because incidents evolve dynamically and require...
Malicious AI Assistant Extensions Harvest LLM Chat Histories
Microsoft Defender has been investigating reports of malicious Chromium‑based browser extensions that impersonate legitimate AI assistant tools to harvest LLM chat histories and browsing data. Reporting indicates these extensions have reached approximately 900,000 installs. Microsoft Defender...