Kubernetes Dashboard <1.10.1 - Authentication Bypass
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. The entry also carries the header of the matching nuclei template:
  id: CVE-2018-18264
  info:
    name: Kubernetes Dashboard <1.10.1 - Authentication Bypass
    author: edoardottt
    severity: high
    description: | Kubernetes...
CVE-2026-41050
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...
EUVD-2026-20993
Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directly to the Node.js Function...
ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx
A security issue was discovered in ingress-nginx. The rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in...
CVE-2026-24512 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
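Both ingress-nginx entries above describe the same root cause: the contents of `spec.rules[].http.paths[].path` are copied into the generated nginx configuration, so a path that carries configuration syntax (newlines, semicolons, braces, comment markers) changes what nginx executes. A cheap pre-admission check is to reject any Ingress whose paths fall outside a strict allowlist of URL-path characters. The validator below is an added example written for this page, not ingress-nginx's own validation code; the character class, the function names and the two constructed Ingress objects are assumptions made for the demonstration.

```python
import re

# Allowlist for an Ingress path (assumption for this example, not the project's rule):
# must start with "/" and may then contain only unreserved URL characters, "%", "/"
# and "*". Everything that has meaning inside an nginx location block, such as
# newlines, ";", "{", "}", "#", "$", quotes and whitespace, is therefore rejected.
SAFE_PATH = re.compile(r"/[A-Za-z0-9._~%*/-]*")


def find_unsafe_paths(ingress: dict) -> list[str]:
    """Return every spec.rules[].http.paths[].path in an Ingress that fails the allowlist.

    An empty path is permitted because Kubernetes allows it for
    pathType: ImplementationSpecific; every non-empty path must fullmatch SAFE_PATH.
    """
    unsafe = []
    for rule in ingress.get("spec", {}).get("rules") or []:
        for entry in (rule.get("http") or {}).get("paths") or []:
            path = entry.get("path", "")
            if path and not SAFE_PATH.fullmatch(path):
                unsafe.append(path)
    return unsafe


def _ingress_with_paths(*paths: str) -> dict:
    """Constructed minimal Ingress object used as sample input (not from a real cluster)."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "Ingress",
        "metadata": {"name": "demo", "namespace": "tenant-a"},
        "spec": {
            "rules": [
                {
                    "host": "app.example.test",
                    "http": {
                        "paths": [
                            {
                                "path": p,
                                "pathType": "Prefix",
                                "backend": {"service": {"name": "app", "port": {"number": 80}}},
                            }
                            for p in paths
                        ]
                    },
                }
            ]
        },
    }


# Sample objects: one well-formed, one whose path carries nginx config syntax.
GOOD_INGRESS = _ingress_with_paths("/api/v1", "/static/")
BAD_INGRESS = _ingress_with_paths("/api/v1", "/app; }")


def check(ingress: dict) -> bool:
    """True when the object should be admitted, False when any path is unsafe."""
    return not find_unsafe_paths(ingress)


if __name__ == "__main__":
    for name, obj in (("good", GOOD_INGRESS), ("bad", BAD_INGRESS)):
        print(name, "admitted" if check(obj) else f"rejected: {find_unsafe_paths(obj)}")
```

The same check belongs in whatever gate sits in front of the controller (a validating webhook, a policy engine or a CI lint on manifests); it does not replace upgrading the controller, because the controller itself is the component that renders the untrusted field.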
EUVD-2021-12628
Malware in sbrugna...
EUVD-2023-1244
Malicious code in bioql PyPI...
CVE-2025-47274
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-3506
CVE-2025-3506 affects Checkmk versions 2.1.0, 2.2.0, 2.3.0 and all builds prior to 2.4.0b6: files to be deployed with agents are accessible without authentication. The root cause described across sources is unauthenticated access to agent-deployment f...
CVE-2025-24977
CVE-2025-24977 (OpenCTI) affects OpenCTI prior to version 6.4.11. The vulnerability arises because a user with the privilege to manage customizations can misuse web-hooks to execute commands on the underlying infrastructure and access internal server-side secrets, effectively allowing a root shel...
CVE-2025-32435
CVE-2025-32435 affects Hydra, a CI service for Nix-based projects. The issue arises from evaluating untrusted non-flake nix code, which could allow access to secrets owned by hydra user/group. The description notes that signing keys owned by hydra-queue-runner and hydra-www are not affected. Publ...
CVE-2025-32435 Hydra no restricted eval after nix-eval-jobs migration
Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...
Remote Code Execution
k8s.io/ingress-nginx is vulnerable to Remote Code Execution. The vulnerability is due to improper request handling in the ingress-nginx controller due to the controller processing untrusted network traffic that can be manipulated to execute arbitrary code and access Secrets...
Improper Isolation or Compartmentalization
Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the Validating Admission Controller feature. An attacker with access to the pod network can execute code, which allows them to access stored secrets. By default, the controller can access al...
CVE-2024-7959
The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the...
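The open-webui entry describes the classic shape of SSRF in an upstream-proxying endpoint: a user-controlled base URL is fetched verbatim. The usual fix is to accept only a fixed allowlist of upstream hosts over HTTPS, refuse userinfo tricks such as `https://allowed@attacker/`, and resolve the host and reject non-global addresses before connecting. The function below is an added example for this page, not open-webui's code; the allowlist (`api.openai.com`), the injectable `resolver` argument and the fake resolver used to keep the demo offline are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption for this example: the only upstream this deployment is allowed to reach.
ALLOWED_HOSTS = frozenset({"api.openai.com"})


def is_safe_upstream(url: str, allowed_hosts=ALLOWED_HOSTS, resolver=socket.gethostbyname) -> bool:
    """Decide whether a user-supplied upstream URL may be fetched server-side.

    Checks, in order: HTTPS only; no userinfo in the authority (so "host@evil" cannot
    masquerade); hostname in the allowlist; and the resolved address must be globally
    routable, which excludes loopback, RFC 1918, link-local (169.254.x.x metadata
    endpoints) and similar ranges even if DNS for an allowed name is poisoned.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname
    if not host or host.lower() not in allowed_hosts:
        return False
    try:
        addr = ipaddress.ip_address(resolver(host))
    except (OSError, ValueError):
        return False
    return addr.is_global


# Constructed DNS answers so the demo runs offline; not real resolution results.
FAKE_DNS = {"api.openai.com": "104.18.7.192"}


def fake_resolver(host: str) -> str:
    return FAKE_DNS[host]


def classify(urls: list[str], resolver=fake_resolver) -> dict[str, bool]:
    """Map each candidate URL to the allow/deny decision, for review or logging."""
    return {u: is_safe_upstream(u, resolver=resolver) for u in urls}


if __name__ == "__main__":
    samples = [
        "https://api.openai.com/v1",
        "http://api.openai.com/v1",
        "https://api.openai.com@attacker.example/v1",
        "http://169.254.169.254/latest/meta-data/",
        "https://internal.example/admin",
    ]
    for url, ok in classify(samples).items():
        print("allow" if ok else "deny ", url)
```

Note that the resolved address is not reused for the actual connection, so a rebinding attacker could still swap records between the check and the fetch; pinning the connection to the checked address (or terminating the upstream in a fixed egress proxy) closes that gap.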
targetcli: weak permissions for /etc/target and backup files
An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highe...
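The targetcli entry is a pure file-permission flaw: configuration and backup files containing credentials were world-readable under /etc/target. Auditing for that condition, and tightening it, is a few lines once the check is written down. The script below is an added example for this page, not part of targetcli; the sample directory tree it builds (a saveconfig.json plus a backup/ subdirectory) is constructed in a temporary directory to mirror the layout the advisory names, and the `make_fixture`, `harden` and `demo` helpers are assumptions for the demonstration.

```python
import os
import stat
import tempfile


def world_readable_files(root: str) -> list[str]:
    """Return root-relative paths of regular files under root that have the o+r bit set."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(full).st_mode) and os.lstat(full).st_mode & stat.S_IROTH:
                found.append(os.path.relpath(full, root))
    return sorted(found)


def harden(root: str) -> None:
    """Restrict the tree to its owner: 0700 on directories, 0600 on regular files."""
    os.chmod(root, 0o700)
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            os.chmod(os.path.join(dirpath, d), 0o700)
        for f in filenames:
            full = os.path.join(dirpath, f)
            if stat.S_ISREG(os.lstat(full).st_mode):
                os.chmod(full, 0o600)


def make_fixture() -> str:
    """Constructed sample tree (assumption) imitating the advisory's layout, in a temp dir."""
    root = tempfile.mkdtemp(prefix="target-audit-")
    os.mkdir(os.path.join(root, "backup"))
    samples = [
        ("saveconfig.json", 0o644),                      # live config, world-readable
        (os.path.join("backup", "saveconfig-1.json"), 0o644),  # backup, world-readable
        ("notes.json", 0o600),                           # already owner-only
    ]
    for rel, mode in samples:
        full = os.path.join(root, rel)
        with open(full, "w") as fh:
            fh.write("{}")
        os.chmod(full, mode)
    os.chmod(os.path.join(root, "backup"), 0o755)
    os.chmod(root, 0o755)
    return root


def demo() -> tuple[list[str], list[str]]:
    """Audit the fixture, harden it, audit again; returns (before, after)."""
    root = make_fixture()
    before = world_readable_files(root)
    harden(root)
    after = world_readable_files(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("world-readable before hardening:", before)
    print("world-readable after hardening: ", after)
```

Run against the real path as root (`world_readable_files("/etc/target")`) to confirm whether a host is exposed; the hardening step assumes the service runs as root, which is the only account that should need to read those files.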
CVE-2004-0320
Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands...