367 matches found
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-relay, azurefile-csi-fips, datadog-agent, kubescape-server-fips, traefik-fips, art, authentik, authentik-fips, argo-workflows-fips, tw, zarf, docker-fips, flux-image-automation-controller-fips, grafana-pyroscope-fips, dapr-fips,...
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-relay, azurefile-csi-fips, datadog-agent, kubescape-server-fips, traefik-fips, art, authentik, authentik-fips, argo-workflows-fips, tw, zarf, docker-fips, flux-image-automation-controller-fips, grafana-pyroscope-fips, dapr-fips,...
CVE-2026-33814 affecting package cert-manager for versions less than 1.12.15-9
CVE-2026-33814 affecting package cert-manager for versions less than 1.12.15-9. A patched version of the package is available...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: telegraf, apisix-ingress-controller, cluster-proportional-autoscaler, mountpoint-s3-csi-driver, kots, dgraph, tigera-operator, kube-state-metrics, promxy, cluster-autoscaler, terraform-provider-grafana, keda, cluster-api, crossplane-provider-aws-memorydb,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: telegraf, apisix-ingress-controller, cluster-proportional-autoscaler, mountpoint-s3-csi-driver, kots, dgraph, tigera-operator, kube-state-metrics, promxy, cluster-autoscaler, terraform-provider-grafana, keda, cluster-api, crossplane-provider-aws-memorydb,...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: telegraf, apisix-ingress-controller, cluster-proportional-autoscaler, mountpoint-s3-csi-driver, atlantis, kaniko, dgraph, kots, paranoia, tigera-operator, kube-state-metrics, promxy, cluster-autoscaler, terraform-provider-grafana, migrate, controller-gen, ctop,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: telegraf, apisix-ingress-controller, cluster-proportional-autoscaler, mountpoint-s3-csi-driver, atlantis, kaniko, dgraph, kots, paranoia, tigera-operator, kube-state-metrics, promxy, cluster-autoscaler, terraform-provider-grafana, migrate, controller-gen, ctop,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: telegraf, apisix-ingress-controller, cluster-proportional-autoscaler, mountpoint-s3-csi-driver, atlantis, kaniko, dgraph, kots, paranoia, tigera-operator, kube-state-metrics, promxy, cluster-autoscaler, terraform-provider-grafana, migrate, controller-gen, ctop,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: telegraf, apisix-ingress-controller, cluster-proportional-autoscaler, mountpoint-s3-csi-driver, atlantis, kaniko, dgraph, kots, paranoia, tigera-operator, kube-state-metrics, promxy, cluster-autoscaler, terraform-provider-grafana, migrate, controller-gen, ctop,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: metrics-agent-fips, crossplane-provider-aws-sqs-fips, knative-operator-fips, crossplane-provider-aws-servicediscovery, whereabouts-fips, spire-server, argo-events, crossplane-provider-aws-scheduler-fips, crossplane-provider-azure-servicefabric, agentbeat-fips,...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: metrics-agent-fips, crossplane-provider-aws-sqs-fips, knative-operator-fips, crossplane-provider-aws-servicediscovery, whereabouts-fips, spire-server, argo-events, crossplane-provider-aws-scheduler-fips, crossplane-provider-azure-servicefabric, agentbeat-fips,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: skopeo, metrics-agent-fips, crossplane-provider-aws-sqs-fips, golangci-lint, drone-fips, knative-operator-fips, crossplane-provider-aws-servicediscovery, whereabouts-fips, terraform-provider-acme, spire-server, argo-events, aws-lambda-runtime-interface-emulator-fips,...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: skopeo, metrics-agent-fips, crossplane-provider-aws-sqs-fips, golangci-lint, drone-fips, knative-operator-fips, crossplane-provider-aws-servicediscovery, whereabouts-fips, terraform-provider-acme, spire-server, argo-events, aws-lambda-runtime-interface-emulator-fips,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: skopeo, metrics-agent-fips, crossplane-provider-aws-sqs-fips, golangci-lint, drone-fips, knative-operator-fips, crossplane-provider-aws-servicediscovery, whereabouts-fips, terraform-provider-acme, spire-server, argo-events, aws-lambda-runtime-interface-emulator-fips,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: skopeo, metrics-agent-fips, crossplane-provider-aws-sqs-fips, golangci-lint, drone-fips, knative-operator-fips, crossplane-provider-aws-servicediscovery, whereabouts-fips, terraform-provider-acme, spire-server, argo-events, aws-lambda-runtime-interface-emulator-fips,...
CVE-2026-10840
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
EUVD-2026-34248
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840 Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840
CVE-2026-10840 concerns the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role. When Kueue or cert-manager CRDs are present, any authenticated...