CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

100 matches found

OSV•added 2026/04/15 12:38 a.m.•0 views

CLEANSTART-2026-EC57959 protojson

Multiple security vulnerabilities affect the cluster-proportional-autoscaler package. The protojson. See references for individual vulnerability details...

9.8CVSS6.7AI score0.00533EPSS

Exploits0References5

Wolfi•added 2026/04/11 2:51 a.m.•7 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: gitlab-pages, temporal-ui-server, kube-logging-operator-custom-runner, gcp-compute-persistent-disk-csi-driver, cloud-sql-proxy, falco-no-driver, boring-registry, govulncheck, step-kms-plugin, podman, falco-exporter, croc, gitaly, manifest-tool, cadvisor, runc, gh,...

7.5CVSS7.1AI score0.00022EPSS

Exploits0

Chainguard•added 2026/04/11 2:18 a.m.•8 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: cilium-envoy-fips, flux-helm-controller, crossplane-function-environment-configs-fips, kubevirt-cdi-uploadserver-fips, gitlab-kas-fips, kargo, neuvector-dbgen, node-problem-detector-fips, nats-top, trivy-fips, certificate-transparency-fips, kubernetes-csi-driver-nfs,...

7.5CVSS7.1AI score0.00019EPSS

Exploits0

OSV•added 2026/04/01 9:43 a.m.•1 views

CLEANSTART-2026-MQ21261 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142 applied in versions: 1.5.1-r0, 1.5.1-r1, 1.5.1-r2, 1.5.1-r3

Multiple security vulnerabilities affect the vertical-pod-autoscaler package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.00045EPSS

Exploits5References29

Wolfi•added 2026/03/03 7:48 a.m.•3 views

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: gitlab-pages, splunk-otel-collector, melange, crossplane-provider-aws-ec2, cloud-sql-proxy, crossplane-provider-aws-cloudfront, ksops, crossplane-provider-aws-cloudformation, opa-envoy, crossplane-provider-aws-cloudwatchlogs, opentelemetry-collector, ollama,...

5.4AI score

Exploits0

Wolfi•added 2026/03/03 7:48 a.m.•2 views

CVE-2026-27141 vulnerabilities

7.5CVSS7.5AI score0.00023EPSS

Exploits0

Chainguard•added 2026/03/03 7:17 a.m.•4 views

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.11-sdk, nova-fips, flux-fips, gitlab-cng-fips, crossplane-provider-aws-ssm-fips, mattermost, crossplane-provider-aws-lambda, grafana-alloy, pulumi-language-dotnet, src, crossplane-provider-aws-s3-fips, emissary, goose-fips,...

5.4AI score

Exploits0

Chainguard•added 2026/03/03 7:17 a.m.•6 views

CVE-2026-27141 vulnerabilities

7.5CVSS7.5AI score0.00023EPSS

Exploits0

Chainguard•added 2026/02/28 7:17 p.m.•3 views

GHSA-9H8M-3FM2-QJRQ vulnerabilities

Vulnerabilities for packages: witness, kong-ingress-controller, trivy-fips, cluster-api-gcp-controller, terraform, crossplane-provider-gcp, grype-fips, docker-fips, apm-server, aws-ebs-csi-driver-fips, tekton-chains, fluent-operator, seaweedfs, dkron, steampipe,...

5.4AI score

Exploits0

Wolfi•added 2026/02/10 1:48 p.m.•7 views

GHSA-H355-32PF-P2XM vulnerabilities

Vulnerabilities for packages: gitlab-pages, crossplane-provider-aws-ec2, kube-logging-operator-custom-runner, gcp-compute-persistent-disk-csi-driver, cloud-sql-proxy, falco-no-driver, boring-registry, govulncheck, k8sgpt, step-kms-plugin, prometheus-alertmanager,...

5.4AI score

Exploits0

Wolfi•added 2026/02/10 1:48 p.m.•20 views

CVE-2025-68121 vulnerabilities

10CVSS6.8AI score0.00018EPSS

Exploits1

Wolfi•added 2026/02/10 1:48 p.m.•10 views

CVE-2025-61732 vulnerabilities

Vulnerabilities for packages: gitlab-pages, licenseclassifier, crossplane-provider-aws-ec2, kube-logging-operator-custom-runner, gcp-compute-persistent-disk-csi-driver, fluent-operator, cloud-sql-proxy, falco-no-driver, boring-registry, govulncheck, k8sgpt, step-kms-plugin, prometheus-alertmanage...

8.6CVSS7.2AI score0.00003EPSS

Exploits0

Chainguard•added 2026/02/10 1:17 p.m.•8 views

CVE-2025-61732 vulnerabilities

Vulnerabilities for packages: cilium-envoy-fips, flux-helm-controller, crossplane-function-environment-configs-fips, logstash, gitlab-kas-fips, kargo, kong-ingress-controller, neuvector-dbgen, nats-top, node-problem-detector-fips, certificate-transparency-fips, kubernetes-csi-driver-nfs,...

8.6CVSS7.2AI score0.00003EPSS

Exploits0

Chainguard•added 2026/02/10 1:17 p.m.•6 views

CVE-2025-68121 vulnerabilities

10CVSS6.8AI score0.00018EPSS

Exploits1

Chainguard•added 2026/02/10 1:17 p.m.•3 views

GHSA-8JVR-VH7G-F8GX vulnerabilities

5.4AI score

Exploits0

RedHat Linux•added 2026/02/09 7:25 p.m.•2 views

Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.18.1-2 Update

Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...

8.2CVSS7.1AI score0.0019EPSS

Exploits0References3

OSV•added 2026/01/30 4:12 p.m.•2 views

CLEANSTART-2026-UM63521 Within HostnameError

Multiple security vulnerabilities affect the vertical-pod-autoscaler-fips package. Within HostnameError. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00019EPSS

Exploits2References5

Vulnrichment•added 2025/12/22 9:35 p.m.•4 views

CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

8.2CVSS6.7AI score0.0019EPSS

Exploits0References2

CVE•added 2025/12/22 9:35 p.m.•8 views

CVE-2025-68476

CVE-2025-68476 affects KEDA . Prior to versions 2.17.3 and 2.18.3 , there is an Arbitrary File Read via insufficient path validation when loading the Service Account Token in spec.hashiCorpVault.credential.serviceAccount . An attacker with permissions to create/modify a TriggerAuthentication reso...

8.2CVSS6.7AI score0.0019EPSS

Exploits0References2

OSV•added 2025/12/22 8:8 p.m.•4 views

GHSA-C4P6-QG4M-9JMR KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

Impact An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account...

8.2CVSS7.2AI score0.0019EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by