Lucene search
+L

224 matches found

Chainguard
Chainguard
added 2026/01/31 1:17 p.m.11 views

CVE-2025-61731 vulnerabilities

Vulnerabilities for packages: kbld, gitlab-runner, crossplane-provider-gitlab, db-operator, kbld-fips, kuberay-operator-fips, knative-serving-fips, sbomqs, crossplane-provider-aws-rds, longhorn-engine, monstache, wave, git-lfs-fips, chisel-fips, mattmoor-chainit, wave-fips,...

8.6CVSS7.2AI score0.00532EPSS
Exploits0
Chainguard
Chainguard
added 2026/01/31 1:17 p.m.18 views

CVE-2025-61726 vulnerabilities

Vulnerabilities for packages: kbld, gitlab-runner, crossplane-provider-gitlab, db-operator, kbld-fips, kuberay-operator-fips, knative-serving-fips, sbomqs, crossplane-provider-aws-rds, etcd, longhorn-engine, monstache, wave, git-lfs-fips, chisel-fips, wave-fips, kyverno-policy-reporter-ui,...

7.5CVSS7AI score0.01945EPSS
Exploits0
Chainguard
Chainguard
added 2026/01/31 1:17 p.m.8 views

CVE-2025-68119 vulnerabilities

Vulnerabilities for packages: kbld, gitlab-runner, crossplane-provider-gitlab, db-operator, kbld-fips, kuberay-operator-fips, knative-serving-fips, sbomqs, crossplane-provider-aws-rds, longhorn-engine, monstache, wave, git-lfs-fips, chisel-fips, mattmoor-chainit, wave-fips,...

7CVSS6.9AI score0.00335EPSS
Exploits0
Chainguard
Chainguard
added 2026/01/31 1:17 p.m.6 views

GHSA-CM6P-QC7V-M3JW vulnerabilities

Vulnerabilities for packages: kbld, gitlab-runner, crossplane-provider-gitlab, db-operator, kbld-fips, kuberay-operator-fips, knative-serving-fips, sbomqs, crossplane-provider-aws-rds, longhorn-engine, monstache, wave, git-lfs-fips, chisel-fips, mattmoor-chainit, wave-fips,...

5.3AI score
Exploits0
OSV
OSV
added 2026/01/26 8:16 p.m.8 views

AZL-75491 CVE-2025-11065 affecting package kube-vip-cloud-provider for versions less than 0.0.2-26

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.6AI score0.00357EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/01/07 1:30 a.m.6 views

GHSA-JHJH-HCM6-MRCC vulnerabilities

Vulnerabilities for packages: linux-aws, linux-gcp, linux-azure...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2025/12/23 12:1 a.m.31 views

CVE-2025-67743 Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service

Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow...

6.3CVSS0.00274EPSS
Exploits1References2
CBLMariner
CBLMariner
added 2025/12/19 2:46 p.m.7 views

CVE-2025-65637 affecting package kube-vip-cloud-provider for versions less than 0.0.2-24

CVE-2025-65637 affecting package kube-vip-cloud-provider for versions less than 0.0.2-24. A patched version of the package is available...

7.5CVSS6.9AI score0.00585EPSS
Exploits1
Wolfi
Wolfi
added 2025/12/04 7:47 p.m.25 views

CVE-2025-61729 vulnerabilities

Vulnerabilities for packages: dask-gateway, flux-image-reflector-controller, argocd-image-updater, kafkaexporter, scorecard, kafka-proxy, kpt, k8sgateway, github-mcp-server, op-geth, runc, rabbitmq-default-user-credential-updater, sops, polaris, nri-redis, nats-server, hubble, go-jsonnet,...

7.5CVSS7.4AI score0.00459EPSS
Exploits2
The Hacker News
The Hacker News
added 2025/10/15 2:16 p.m.16 views

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

New research has uncovered that publishers of over 100 Visual Studio Code VS Code extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. "A leaked VS Code Marketplace or Open VSX PAT personal access token allow...

7.4AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-27371

Malware in sbrugna...

7.5CVSS7.5AI score0.01055EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.25 views

EUVD-2021-2368

Malware in sbrugna...

5.3CVSS5.3AI score0.00831EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-58468

Malicious code in bioql PyPI...

7.7CVSS6.6AI score0.00582EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-3170

Malicious code in bioql PyPI...

9.1CVSS7.9AI score0.00438EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-37708

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-24178

Malicious code in bioql PyPI...

5.6CVSS6.9AI score0.01377EPSS
Exploits3References5
OSV
OSV
added 2025/09/25 4:39 p.m.5 views

GHSA-227X-7MH8-3CF6 Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning

Impact A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...

9.9CVSS9AI score0.00477EPSS
Exploits0References12
OSV
OSV
added 2025/09/25 3:30 p.m.4 views

GHSA-R3JV-XFGX-GJ24 cors-anywhere vulnerable to server-side request forgery

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...

9.5CVSS6.6AI score0.01005EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/09/25 2:17 p.m.2 views

CVE-2025-59823 Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

9.9CVSS9AI score0.00477EPSS
Exploits0References5
Chainguard
Chainguard
added 2025/09/20 1:30 p.m.7 views

CVE-2025-47906 vulnerabilities

Vulnerabilities for packages: gitlab-runner, nemo, octo-sts, prometheus-bind-exporter, azurefile-csi-fips, checksec, mattmoor-chainit, addon-resizer, nvidia-nsight-compute-12.9, php-fpmexporter, prometheus-beat-exporter-fips, sftpgo-plugin-pubsub, cluster-api, configmap-reload-fips,...

6.5CVSS6AI score0.00489EPSS
Exploits1
Rows per page
Query Builder