7 matches found
CVE-2026-42600
MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...
CVE-2026-42600
Summary of the vulnerability (CVE-2026-42600) : MinIO’s ReadMultiple internode storage-REST endpoint is vulnerable to path traversal when processing a msgpack-encoded ReadMultipleReq body. An attacker holding the cluster root JWT can craft a request to POST /minio/storage/{drivePath}/v63/rmpl wit...
MinIO 路径遍历漏洞
MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO from RELEASE.2022-07-24T01-54-52Z to RELEASE.2026-04-14T21-32-45Z had a pa...
SUSE CVE-2025-13888
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
GO-2025-4242 OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources in github.com/redhat-developer/gitops-operator
OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources in github.com/redhat-developer/gitops-operator...
CVE-2025-13888 Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...
MAL-2025-186790 Malicious code in epsilon-class-cluster-root-xml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 803cee7f39b9a2ab6058d1cd3ae867eab62842ca33d4e97cb5e92576816dc45e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...