30 matches found
CVE-2026-5944
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...
CVE-2026-5944
Cisco Intersight Device Connector for Nutanix Prism Central exposes an unauthenticated API passthrough on TCP 7373. An unauthenticated network attacker can query the endpoint to enumerate cluster metadata (VM information and cluster configuration). The API is primarily read-only, but some cluster...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in multiple functions in the gRPC API layer, including MemberList and Compact. An attacker can gain unauthorized access to sensitive cluster operations and information, such as viewing cluster topology, disrupting...
Karmada Dashboard 安全漏洞
Karmada Dashboard is a web user interface from karmada-io open source. A security vulnerability exists in versions of Karmada Dashboard prior to 0.2.0 that stems from a back-end API endpoint that does not enforce authentication, which could lead to unauthenticated users accessing sensitive cluste...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/v1/secret, and /api/v1/service endpoints. An attacker can retrieve sensitive cluster information by sending unauthenticated requests directly to exposed API paths. Workaround Thi...
SUSE CVE-2025-54470
This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...
CVE-2025-62250
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...
SUSE CVE-2025-23047
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...
PT-2024-3859 · Cisco · Cisco Nexus Dashboard
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified Description: The issue is related to insufficient access controls on a specific API endpoint, allowing a remote attacker to gain unauthorized access to protected information by sending...
CVE-2023-45859
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...
Hazelcast Security Breach
Hazelcast Hazelcast IMDG is a set of scalable open source data distribution platform of the U.S. Hazelcast company . The platform supports a variety of distributed data structures, supports distributed caching and other features. Hazelcast has a security vulnerability that stems from the inabilit...
Missing permission checks on Hazelcast client protocol
Impact In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster. Patches Fix versions: 5.2.5, 5.3.5,...
hazelcast: Hazelcast connection caching
A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster...
Privilege Escalation
github.com/open-feature/open-feature-operator is vulnerable to Privilege Escalation. The vulnerability exists due to lack of restrictions configured on open-feature-operator-controller-manager which allows a malicious attacker to gain access and read cluster data including secrets...
hazelcast: Hazelcast connection caching
A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster...
hazelcast: Hazelcast connection caching
A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster...