CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

720 matches found

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8CVSS5.9AI score

Exploits0References3

EUVD•added 5 days ago•9 views

EUVD-2026-36641

Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName...

6.4CVSS5.8AI score0.0032EPSS

Exploits0References3

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mac80211: Only QoS data frames are tracked for admission control. For admission control, it clearly only applies to QoS data frames. Otherwise, we wouldn’t even be able to access the QoS field in the header. Syzbot reported an...

5.5CVSS5.6AI score0.00222EPSS

Exploits0References2

RedHat Linux•added last week•12 views

Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.19.0-1 Update

Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...

10CVSS7.1AI score0.00765EPSS

Exploits4References13

EUVD•added 2026/06/14 12:30 a.m.•9 views

EUVD-2026-36655

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

5.8CVSS5.2AI score0.00214EPSS

Exploits0References7

NVD•added 2026/06/13 11:16 p.m.•11 views

CVE-2026-12175

5.8CVSS0.00214EPSS

Exploits0References6

Vulnrichment•added 2026/06/13 10:45 p.m.•7 views

CVE-2026-12175 CodeAstro Student Attendance Management System createStudents.php sql injection

5.8CVSS5.1AI score0.00214EPSS

Exploits0References6

Cvelist•added 2026/06/13 10:45 p.m.•22 views

CVE-2026-12175 CodeAstro Student Attendance Management System createStudents.php sql injection

5.8CVSS0.00214EPSS

Exploits0References6

CVE•added 2026/06/13 4:17 a.m.•33 views

CVE-2026-11769

Grafana Operator CVE-2026-11769 affects all versions

6.4CVSS5.5AI score0.0032EPSS

Exploits0References1

Positive Technologies•added 2026/06/13 12:0 a.m.•12 views

PT-2026-49100

Name of the Vulnerable Software and Affected Versions CodeAstro Student Attendance Management System version 1.0 Description An issue exists in the file '/attendance-php/Admin/createStudents.php' where manipulating the admissionNumber argument allows for SQL injection, which is a technique used t...

5.8CVSS5.3AI score0.00214EPSS

Exploits0References12

NVD•added 2026/06/10 6:17 p.m.•14 views

CVE-2026-50570

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs ValidatePodSpecSafety /...

8.5CVSS0.00274EPSS

Exploits0References3

NVD•added 2026/06/10 6:17 p.m.•10 views

CVE-2026-49824

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook pkg/webhook/function.go validated that spec.secrets.namespace and spec.configmaps.namespace...

8.5CVSS0.00223EPSS

Exploits0References3

EUVD•added 2026/06/10 5:34 p.m.•9 views

EUVD-2026-36074

8.5CVSS5.5AI score0.00274EPSS

Exploits0References3

CVE•added 2026/06/10 5:34 p.m.•12 views

CVE-2026-50570

Fission prior to v1.25.0 allowed tenant-created Function/Environment CRDs to request securityContext.capabilities.add: ["SYS_TIME"] despite a fixed denylist (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The validation/merge-layer sanitization did not block CAP_SYS...

8.5CVSS5.5AI score0.00274EPSS

Exploits0References3

EUVD•added 2026/06/10 5:25 p.m.•9 views

EUVD-2026-36097

8.5CVSS5.4AI score0.00223EPSS

Exploits0References3

CVE•added 2026/06/10 5:25 p.m.•9 views

CVE-2026-49824

Fission (Kubernetes-native serverless framework) prior to v1.24.0 allowed a cross-namespace environment reference via the Function admission webhook because spec.environment.namespace was not validated, unlike spec.secrets[].namespace and spec.configmaps[].namespace. The issue affects the Functio...

8.5CVSS5.4AI score0.00223EPSS

Exploits0References3

Cvelist•added 2026/06/10 5:25 p.m.•24 views

CVE-2026-49824 Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook

8.5CVSS0.00223EPSS

Exploits0References3

Vulnrichment•added 2026/06/10 5:23 p.m.•6 views

CVE-2026-49823 Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by...

7.7CVSS5.4AI score0.00265EPSS

Exploits0References3

Cvelist•added 2026/06/10 5:23 p.m.•25 views

CVE-2026-49823 Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook

7.7CVSS0.00265EPSS

Exploits0References3

EUVD•added 2026/06/10 5:23 p.m.•7 views

EUVD-2026-36096

7.7CVSS5.4AI score0.00265EPSS

Exploits0References3

Rows per page