Lucene search
K

7657 matches found

CVE
CVE
added yesterday8 views

CVE-2026-9824

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to check the managesharedchannels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash...

4.3CVSS6.1AI score
Exploits0References1Affected Software1
NVD
NVD
added yesterday4 views

CVE-2026-10103

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...

4.3CVSS0.00145EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-10103

Mattermost versions affected: 11.7.x (up to 11.7.2), 11.6.x (up to 11.6.4), and 10.11.x (up to 10.11.19) have a flaw in the shared channel inbound sync handler that fails to verify post ownership. This allows an authenticated remote cluster to modify or delete posts authored by local users or oth...

4.3CVSS6.2AI score0.00145EPSS
Exploits0References1Affected Software1
Nuclei
Nuclei
added yesterday68 views

KubePi JwtSigKey - Admin Authentication Bypass

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

9.8CVSS7AI score0.69667EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday57 views

Cluster Control CMON API - Directory Traversal

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API. id: CVE-2024-41628 info: name: Cluster Control CMON API...

7.5CVSS7.1AI score0.06464EPSS
Exploits1References4
Nuclei
Nuclei
added 3 days ago121 views

MinIO Cluster Deployment - Information Disclosure

MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD. An attacker can potentially obtain sensitive...

7.5CVSS7.1AI score0.83957EPSS
Exploits13References5
CVE
CVE
added 4 days ago18 views

CVE-2026-61459

Affected software: MCP Server Kubernetes before 3.9.0. Vulnerability: Argument injection in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that bypasses the assertNoDangerousFlags check by using leading dashes for resourceType/name. This allows injection of the --server flag to ...

9.8CVSS6.1AI score0.00421EPSS
Exploits0References5
Fedora
Fedora
added 4 days ago10 views

[SECURITY] Fedora 44 Update: k9s-0.51.0-2.fc44

Kubernetes CLI To Manage Your Clusters In Style!...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57272

Name of the Vulnerable Software and Affected Versions MCP Server Kubernetes versions prior to 3.9.0 Description An argument injection flaw exists in structured tools, specifically within the kubectl get, kubectl describe, and kubectl delete functions. By providing the resourceType and name...

9.8CVSS6.1AI score0.00421EPSS
Exploits0References10
Chainguard
Chainguard
added 5 days ago6 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-networkmanager, policy-bot, crossplane-provider-azure-signalrservice, fairwinds-gemini-fips, generic-device-plugin-fips, timoni, crossplane-provider-aws-waf-fips, aws-application-networking-k8s, cluster-api, dataplaneapi-fips, gpu-operator,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 5 days ago5 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver, croc, crossplane-provider-aws-s3, crossplane-provider-aws-eks, src, k8ssandra-operator, openbao-k8s, authservice, neuvector-dbgen, docker-compose, telegraf, cluster-autoscaler, manifest-tool, kube-arangodb,...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 5 days ago6 views

Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code

A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Servi...

8.7CVSS6AI score0.00656EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago6 views

Important: Red Hat Security Advisory: tomcat security, bug fix, and enhancement update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS7.2AI score0.21691EPSS
Exploits6References4
RedHat Linux
RedHat Linux
added 6 days ago5 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.9.5 security update

The multicluster engine for Kubernetes 2.9 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.9 images The multicluster engine for Kubernetes provides the foundational components that are...

9.6CVSS6.8AI score0.01041EPSS
Exploits6References11
RedHat Linux
RedHat Linux
added 6 days ago8 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.14.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.14 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.14 images Red Hat Advanced Cluster Management for Kubernetes provides...

10CVSS7AI score0.025EPSS
Exploits27References42
RedHat Linux
RedHat Linux
added 6 days ago10 views

Important: Red Hat Security Advisory: Submariner v0.20 security fixes and container updates

Submariner v0.20 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

10CVSS7.1AI score0.01945EPSS
Exploits4References12
NVD
NVD
added 6 days ago7 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-15063 Trustyai-service-operator: trustyai service operator: gorch port bypass when auth is enabled

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS0.00184EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago14 views

Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.0.3 Security Update

Red Hat Edge Manager Version 1.0.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...

10CVSS6.9AI score0.01735EPSS
Exploits7References28
RedHat Linux
RedHat Linux
added 6 days ago12 views

Important: Red Hat Security Advisory: RHACS 4.10.5 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.4CVSS6.8AI score0.00813EPSS
Exploits0References17
Rows per page
Query Builder