CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnerabilities for packages: caddy, tkn, kots, falco, ko, flux-source-controller, oauth2-proxy, skopeo, grpc-health-probe, policy-controller, weaviate, skaffold, ipfs, kube-rbac-proxy, nerdctl, timestamp-authority, zarf, falcoctl, sops, cosign, flux-kustomize-controller, bank-vaults, apko, rekor...

4.3CVSS6.3AI score0.04859EPSS

Exploits0

Chainguard•added 2024/03/06 12:31 a.m.•119 views

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, crossplane-provider-gcp, amass, k9s, nri-discovery-kubernetes, nats, gh, hugo-extended, pulumi, kube-bench, kwok, k8sgpt, boring-registry, crossplane-provider-family-aws, kube-logging-operator, kuberay-operator, cert-exporter, k3d,...

5.4AI score

Exploits0

Chainguard•added 2024/03/05 11:15 p.m.•73 views

CVE-2024-24786 vulnerabilities

7.5CVSS6.4AI score0.00533EPSS

Exploits0

Wolfi•added 2023/11/21 10:17 p.m.•546 views

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: tkn, kots, falco, flux-source-controller, oauth2-proxy, sops, cosign, flux-kustomize-controller, rekor, argo-workflows, gitsign, vexctl, cloudflared, slsa-verifier, fulcio, kubescape, spire-server, aactl, dex, tekton-chains, external-secrets-operator, terragrunt...

5.4AI score

Exploits0

The Hacker News•added 2023/08/08 12:22 p.m.•35 views

Hackers Abusing Cloudflare Tunnels for Covert Communications

New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access. "Cloudflared is functionally very similar to ngrok," Nic Finn, a senior threat intelligence analyst at GuidePoint Security,...

6.2AI score

Exploits0

CNNVD•added 2023/05/12 12:0 a.m.•4 views

cloudflared 输入验证错误漏洞

Cloudflare cloudflared is a cloud server security management platform from American company Cloudflare. The platform provides firewall analysis, cache control, role-based access, and more. A security vulnerability exists in versions prior to cloudflared v1.20230419.0, which stems from an...

8.1CVSS7.7AI score0.00578EPSS

Exploits0References3

Veracode•added 2023/03/25 2:8 a.m.•27 views

Privilege Escalation

github.com/cloudflare/cloudflared is vulnerable to Privilege Escalation. A local attacker with no administrative permissions may use symbolic links to manipulate the MSI installer's repair functionality to delete important system files or replace them with malicious files, potentially leading to...

7.8CVSS7.2AI score0.00215EPSS

Exploits0References5Affected Software1

OSV•added 2023/03/21 10:32 p.m.•20 views

GHSA-7MJV-X3JF-545X cloudflared's Installer has Local Privilege Escalation Vulnerability

Impact A vulnerability has been discovered in cloudflared's installer = 2023.3.0 for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared...

7.5CVSS7.5AI score0.00215EPSS

Exploits0References5

Github Security Blog•added 2023/03/21 10:32 p.m.•35 views

cloudflared's Installer has Local Privilege Escalation Vulnerability

7.8CVSS7.2AI score0.00215EPSS

Exploits0References5Affected Software1

NVD•added 2023/03/21 12:15 p.m.•11 views

CVE-2023-1314

A vulnerability has been discovered in cloudflared's installer = 2023.3.0 for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied...

7.8CVSS7.5AI score0.00215EPSS

Exploits0References2

OSV•added 2023/03/21 12:15 p.m.•15 views

CVE-2023-1314

7.8CVSS7.9AI score

Exploits0References2

Prion•added 2023/03/21 12:15 p.m.•28 views

Design/Logic Flaw

4.3CVSS7.7AI score0.00215EPSS

Exploits0References2Affected Software1

CVE•added 2023/03/21 11:1 a.m.•47 views

CVE-2023-1314

Cloudflared’s Windows 32-bit installer (≤ 2023.3.0) is affected by a Local Privilege Escalation. The MSI installer relied on a world-writable directory, enabling a local non-admin user to exploit symbolic links and trick the installer’s repair function into deleting or overwriting files, potentia...

7.8CVSS7.5AI score0.00215EPSS

Exploits0References2Affected Software1