224 matches found
CVE-2025-61731 vulnerabilities
Vulnerabilities for packages: kbld, gitlab-runner, crossplane-provider-gitlab, db-operator, kbld-fips, kuberay-operator-fips, knative-serving-fips, sbomqs, crossplane-provider-aws-rds, longhorn-engine, monstache, wave, git-lfs-fips, chisel-fips, mattmoor-chainit, wave-fips,...
CVE-2025-61726 vulnerabilities
Vulnerabilities for packages: kbld, gitlab-runner, crossplane-provider-gitlab, db-operator, kbld-fips, kuberay-operator-fips, knative-serving-fips, sbomqs, crossplane-provider-aws-rds, etcd, longhorn-engine, monstache, wave, git-lfs-fips, chisel-fips, wave-fips, kyverno-policy-reporter-ui,...
CVE-2025-68119 vulnerabilities
Vulnerabilities for packages: kbld, gitlab-runner, crossplane-provider-gitlab, db-operator, kbld-fips, kuberay-operator-fips, knative-serving-fips, sbomqs, crossplane-provider-aws-rds, longhorn-engine, monstache, wave, git-lfs-fips, chisel-fips, mattmoor-chainit, wave-fips,...
GHSA-CM6P-QC7V-M3JW vulnerabilities
Vulnerabilities for packages: kbld, gitlab-runner, crossplane-provider-gitlab, db-operator, kbld-fips, kuberay-operator-fips, knative-serving-fips, sbomqs, crossplane-provider-aws-rds, longhorn-engine, monstache, wave, git-lfs-fips, chisel-fips, mattmoor-chainit, wave-fips,...
AZL-75491 CVE-2025-11065 affecting package kube-vip-cloud-provider for versions less than 0.0.2-26
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
GHSA-JHJH-HCM6-MRCC vulnerabilities
Vulnerabilities for packages: linux-aws, linux-gcp, linux-azure...
CVE-2025-67743 Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow...
CVE-2025-65637 affecting package kube-vip-cloud-provider for versions less than 0.0.2-24
CVE-2025-65637 affecting package kube-vip-cloud-provider for versions less than 0.0.2-24. A patched version of the package is available...
CVE-2025-61729 vulnerabilities
Vulnerabilities for packages: dask-gateway, flux-image-reflector-controller, argocd-image-updater, kafkaexporter, scorecard, kafka-proxy, kpt, k8sgateway, github-mcp-server, op-geth, runc, rabbitmq-default-user-credential-updater, sops, polaris, nri-redis, nats-server, hubble, go-jsonnet,...
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
New research has uncovered that publishers of over 100 Visual Studio Code VS Code extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. "A leaked VS Code Marketplace or Open VSX PAT personal access token allow...
EUVD-2021-27371
Malware in sbrugna...
EUVD-2021-2368
Malware in sbrugna...
EUVD-2023-58468
Malicious code in bioql PyPI...
EUVD-2024-3170
Malicious code in bioql PyPI...
EUVD-2024-37708
Malicious code in bioql PyPI...
EUVD-2023-24178
Malicious code in bioql PyPI...
GHSA-227X-7MH8-3CF6 Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning
Impact A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...
GHSA-R3JV-XFGX-GJ24 cors-anywhere vulnerable to server-side request forgery
Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...
CVE-2025-59823 Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: gitlab-runner, nemo, octo-sts, prometheus-bind-exporter, azurefile-csi-fips, checksec, mattmoor-chainit, addon-resizer, nvidia-nsight-compute-12.9, php-fpmexporter, prometheus-beat-exporter-fips, sftpgo-plugin-pubsub, cluster-api, configmap-reload-fips,...