Lucene search
K

222 matches found

CVE
CVE
added 5 days ago12 views

CVE-2026-15143

CVE-2026-15143 affects guardrails-detectors' file_type content detector. An attacker can supply an arbitrary XML Schema (XSD) string, processed without proper restrictions, enabling server-side requests to arbitrary URLs or local file reads and risking disclosure of sensitive information.

9.3CVSS6.1AI score0.00255EPSS
Exploits0References2
Chainguard
Chainguard
added 6 days ago8 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: commercial-spilo, rekor, ocm-cli-fips, vault-fips, grype, net-kourier-fips, dataplaneapi-fips, grafana, argo-workflows-fips, vault-secrets-operator-fips, chainloop-cli-fips, zarf, rekor-fips, prometheus-operator, fleet-server, nerdctl, consul-fips, cloud-provider-aws...

6.1AI score
Exploits0
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-771 Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information

Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1...

7.5CVSS5.9AI score0.01499EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-497 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration

Summary PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive...

9.3CVSS6AI score0.00397EPSS
Exploits1References6
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: zarf, argo-workflows-fips, prometheus-operator, flux-source-controller, nerdctl, cloud-provider-aws, omnictl-multiarch, zitadel, trivy-operator-fips, knative-kafka-broker, opentofu-fips, rancher-agent, gitea-fips, kubescape-server-fips, tekton-pipelines, harbor, isti...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.16 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-route53-fips, crossplane-provider-azure-servicebus, ollama-fips, crossplane-provider-aws-cloudfront-fips, argo-events-fips, consul-fips, cloud-provider-aws, crossplane-provider-azure-search, crossplane-provider-aws-cloudsearch-fips,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: kubescape, argo-cd, helm, kubernetes-dashboard, chezmoi, guac, rancher-agent, act, fscrypt, cert-manager, splunk-otel-collector, vault-benchmark, crossplane-provider-azure-sql, cilium-cli, docker-machine-driver-harvester, flux-source-controller,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.10 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: kubescape, argo-cd, k9s, helm, kubernetes-dashboard, knative-serving, prometheus, rancher, gitea, trivy-operator, nerdctl, rancher-agent, kine, fscrypt, cilium, prometheus-operator, spire-server, chisel, telegraf, cert-manager, aactl, skaffold, argocd-image-updater,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: kubescape, argo-cd, helm, kubernetes-dashboard, chezmoi, guac, rancher-agent, act, fscrypt, cert-manager, cilium-cli, docker-machine-driver-harvester, flux-source-controller, pulumi-kubernetes-operator, kots, k3s, kubernetes, flux-image-automation-controller, loki,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.6 views

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: argo-cd, helm, kubernetes-dashboard, knative-serving, prometheus, rancher, nerdctl, rancher-agent, kine, fscrypt, cilium, prometheus-operator, spire-server, telegraf, cert-manager, aactl, external-dns, flux, minio, teleport, snyk-cli, cilium-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.9 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: rekor, cephcsi-fips, crossplane-provider-azure-servicebus, gcp-compute-persistent-disk-csi-driver, tempo-fips, opensearch-datasource, tetragon, kapp-controller, kubernetes-csi-driver-nfs, crossplane-provider-aws-cloudfront-fips, k8ssandra-client, stunnerd,...

5.3CVSS6.1AI score0.00237EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.11 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: rekor, cephcsi-fips, crossplane-provider-azure-servicebus, gcp-compute-persistent-disk-csi-driver, tempo-fips, opensearch-datasource, tetragon, kapp-controller, kubernetes-csi-driver-nfs, crossplane-provider-aws-cloudfront-fips, k8ssandra-client, stunnerd,...

6.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.44 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on

Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. CVE-2016-2107, CVE-2016-2106, CVE-2016-2176 "Business Unit":"code":"BU059","label":"IBM Software w/o...

8.2CVSS7.5AI score0.89058EPSS
Exploits6Affected Software1
Snyk
Snyk
added 2026/06/06 9:0 p.m.13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.13 views

CVE-2026-42502 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-42502 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.12 views

CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

6.1CVSS5.8AI score0.00188EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.10 views

CVE-2026-25680 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-25680 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

6.5CVSS5.8AI score0.00248EPSS
Exploits0
Rows per page
Query Builder