277 matches found
CVE-2026-55882
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-exposed, an unauthenticated caller can read process memor...
CVE-2026-10532 vulnerabilities
Vulnerabilities for packages: airbyte-server-fips, s3proxy-fips, nextflow, nacos, zookeeper, keycloak-config-cli, nacos-docker, kafbat-ui-fips, cassandra, dependency-track-apiserver, s3proxy, apache-nifi-registry, apache-nifi, sonar-scanner-cli, management-api-for-apache-cassandra-4.0, thingsboar...
Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code
A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Servi...
Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code
A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Servi...
GHSA-C73Q-8XXR-RGQM Tilt: Missing authentication on the network-exposed Tilt HUD server
Summary The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer's pre-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state...
Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server
Summary The Tilt HUD server mounts Go's net/http/pprof handlers under /debug with no access control. When the HUD is network-exposed, an attacker can read process memory — including session and apiserver tokens — and hold the process under profiling. Details A blank import of net/http/pprof...
PT-2026-50980
Name of the Vulnerable Software and Affected Versions Tilt versions 0.20.8 through 0.37.3 Description The HUD HTTP server lacks authentication for state-changing and sensitive-read endpoints. When the HUD is bound to a non-loopback address, a network attacker can trigger pre-defined Tiltfile...
PT-2026-50978
Name of the Vulnerable Software and Affected Versions Tilt versions 0.19.5 through 0.37.3 Description The Tilt HUD server mounts Go's net/http/pprof handlers under the '/debug' endpoint without access control. When the HUD is network-exposed, an unauthenticated caller can read process memory via...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.65 security and extras update
Red Hat OpenShift Container Platform release 4.15.65 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a security impact of...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.42 security and extras update
Red Hat OpenShift Container Platform release 4.18.42 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...
CVE-2026-42198 vulnerabilities
Vulnerabilities for packages: keycloak-fips, debezium, kayenta, keycloak, camunda, nacos, dependency-track, apicurio-registry, nacos-docker, kayenta-fips, dependency-track-apiserver, flyway-fips, apache-hop, thingsboard, flyway, apache-hop-fips, hono, geoserver, guacamole-client, camunda-zeebe,...
RHCOS 4 : OpenShift Container Platform 4.2.29 openshift (RHSA-2020:1527)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1527 advisory. - kubernetes: Use of unbounded 'client' label in apiserverrequesttotal allows for memory exhaustion CVE-2020-8552 Note that Nessus has not...
CVE-2026-7784
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...
PT-2026-36933
Name of the Vulnerable Software and Affected Versions RTGS2017 NagaAgent versions prior to 5.1.1 Description Improper processing of the file 'apiserver/routes/extensions.py' within the Skills Endpoint component allows for a remote path traversal attack. This occurs through the manipulation of the...
CVE-2026-40542 vulnerabilities
Vulnerabilities for packages: apache-nifi, opensearch, jbang, dependency-track-apiserver, pinot, opensearch-fips, trino, pinot-fips, dependency-track...
GHSA-V468-QCJX-R72W vulnerabilities
Vulnerabilities for packages: apache-nifi, opensearch, jbang, dependency-track-apiserver, pinot, opensearch-fips, trino, pinot-fips, dependency-track...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: actions-runner-controller-fips, crossplane-provider-sql-fips, kind, crossplane-provider-aws-backup, atlantis-fips, docker-machine-driver-linode, caddy, cluster-api-provider-vsphere, eksctl, dask-gateway, extism, nginx-prometheus-exporter, harbor-registry-fips,...
SUSE CVE-2025-14443
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...
GO-2026-4578 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References in github.com/openshift/openshift-apiserver
openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References in github.com/openshift/openshift-apiserver...
GHSA-WJPW-4J6X-6RWH vulnerabilities
Vulnerabilities for packages: spark, confluent-kafka, kafka-fips, confluent-kafka-jre-bcfips, pinot, zookeeper, pinot-fips, dependency-track, strimzi-kafka-operator, neo4j, dependency-track-apiserver, spark-kubernetes-operator, solr, celeborn, cloudwatch-exporter, apache-hop, wso2is,...