PT-2026-45027
Impact: IPAM is the IP Address Manager for Cluster API Provider Metal3. The IPAM controller's ClusterRole granted full CRUD permissions (create, delete, get, list, patch, update, watch) on core/v1 Secrets. The controller never accesses Secrets during normal operation. If the controller pod were...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: kargo, buildkitd, kubescape-operator, rancher-agent, trivy-operator, tw, cluster-api-helm-controller, zarf, helm-operator, neuvector-scanner, opa-envoy, trivy, grype, rancher-helm, skaffold, docker, kots, xeol, osv-scanner, helm-mapkubeapis, spegel, rancher, k8sgpt,...
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: kargo, buildkitd, kubescape-operator, rancher-agent, trivy-operator, tw, cluster-api-helm-controller, zarf, helm-operator, neuvector-scanner, opa-envoy, trivy, grype, rancher-helm, skaffold, docker, kots, xeol, osv-scanner, helm-mapkubeapis, spegel, rancher, k8sgpt,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: rancher-helm, packer-fips, buildkitd, eks-node-monitoring-agent-fips, wolfictl, ctop, kaniko-fips, helm-exporter, helm-fips, helm-mapkubeapis, kubescape, trivy-operator, grype-fips, eks-node-monitoring-agent, grype-db, helm, envoy-gateway, spegel, xeol, steampipe,...
CVE-2026-42499 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-bedrockagent, rke2-runtime-fips, k8s-agents-operator, virt-operator-fips, openbao-fips, crossplane-provider-aws-dynamodb-fips, crossplane-provider-aws-route53resolver-fips, docker-cli-fips, kubernetes-csi-external-resizer-fips, podman-fips,...
GHSA-XQ5J-9R39-C3VF vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-bedrockagent, rke2-runtime-fips, k8s-agents-operator, virt-operator-fips, openbao-fips, crossplane-provider-aws-dynamodb-fips, crossplane-provider-aws-route53resolver-fips, docker-cli-fips, kubernetes-csi-external-resizer-fips, podman-fips,...
CVE-2026-39820 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-bedrockagent, rke2-runtime-fips, k8s-agents-operator, virt-operator-fips, openbao-fips, crossplane-provider-aws-dynamodb-fips, crossplane-provider-aws-route53resolver-fips, docker-cli-fips, kubernetes-csi-external-resizer-fips, podman-fips,...
GHSA-P9H5-JM8X-MJM5 vulnerabilities
Vulnerabilities for packages: crossplane, ko, rancher-agent, nfpm, libnvidia-container, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, slsa-verifier, rancher-webhook, grafana, external-secrets-operator, kube-fluentd-operator, aws-flb-cloudwatch, falco-no-driver, nats,...
GHSA-2283-WF8C-RW8R vulnerabilities
Vulnerabilities for packages: crossplane, ko, step-ca, rancher-agent, libnvidia-container, lazydocker, cloudnative-pg, karma, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, xeol, slsa-verifier, rancher-webhook, grafana, external-secrets-operator, secrets-store-csi-driver,...
GHSA-QC64-M6C2-V4X7 vulnerabilities
Vulnerabilities for packages: cert-exporter, crossplane, ko, step-ca, rancher-agent, nfpm, libnvidia-container, incert, cloudnative-pg, lazydocker, metacontroller, karma, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, rancher-system-upgrade-controller, xeol, slsa-verifier,...
CVE-2026-39817 vulnerabilities
Vulnerabilities for packages: cert-exporter, crossplane, ko, step-ca, rancher-agent, nfpm, libnvidia-container, incert, cloudnative-pg, lazydocker, metacontroller, karma, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, rancher-system-upgrade-controller, xeol, slsa-verifier,...
CVE-2026-42501 vulnerabilities
Vulnerabilities for packages: cert-exporter, crossplane, ko, step-ca, rancher-agent, nfpm, libnvidia-container, incert, cloudnative-pg, lazydocker, metacontroller, karma, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, rancher-system-upgrade-controller, xeol, slsa-verifier,...
CVE-2026-39823 vulnerabilities
Vulnerabilities for packages: crossplane, ko, step-ca, rancher-agent, libnvidia-container, lazydocker, cloudnative-pg, karma, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, xeol, slsa-verifier, rancher-webhook, grafana, external-secrets-operator, secrets-store-csi-driver,...
CVE-2026-39820 vulnerabilities
Vulnerabilities for packages: crossplane, ko, rancher-agent, nfpm, libnvidia-container, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, slsa-verifier, rancher-webhook, grafana, external-secrets-operator, kube-fluentd-operator, aws-flb-cloudwatch, falco-no-driver, nats,...
GHSA-XQ5J-9R39-C3VF vulnerabilities
Vulnerabilities for packages: crossplane, ko, rancher-agent, nfpm, libnvidia-container, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, slsa-verifier, rancher-webhook, grafana, external-secrets-operator, kube-fluentd-operator, aws-flb-cloudwatch, falco-no-driver, nats,...
GHSA-QF3Q-3H68-MMH2 vulnerabilities
Vulnerabilities for packages: cert-exporter, crossplane, ko, step-ca, rancher-agent, nfpm, libnvidia-container, incert, cloudnative-pg, lazydocker, metacontroller, karma, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, rancher-system-upgrade-controller, xeol, slsa-verifier,...
CVE-2026-39836 vulnerabilities
Vulnerabilities for packages: cert-exporter, crossplane, ko, step-ca, rancher-agent, nfpm, libnvidia-container, incert, cloudnative-pg, lazydocker, metacontroller, karma, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, rancher-system-upgrade-controller, xeol, slsa-verifier,...
CVE-2026-42499 vulnerabilities
Vulnerabilities for packages: crossplane, ko, rancher-agent, nfpm, libnvidia-container, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, slsa-verifier, rancher-webhook, grafana, external-secrets-operator, kube-fluentd-operator, aws-flb-cloudwatch, falco-no-driver, nats,...
CVE-2026-40050
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability...
CrowdStrike LogScale Security Vulnerability
CrowdStrike LogScale is a high-performance log management and analysis platform developed by CrowdStrike, a company based in the United States. There is a security vulnerability in CrowdStrike LogScale, which stems from an unvalidated path traversal issue in certain cluster API endpoints. This...