CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

71 matches found

GHSA-XHF5-7WJV-PQXP vulnerabilities

Vulnerabilities for packages: tigera-operator-fips, kubescape-server-fips, trivy-operator, chartmuseum-fips, docker-cli-buildx-fips, helmfile, gatekeeper, chainctl, spegel-fips, chaos-mesh-fips, scorecard, kube-mgmt, chaos-mesh, tigera-operator, docker-compose, grype, xeol,...

5.8AI score

Exploits0

RedhatCVE•added 2026/06/16 10:43 a.m.•8 views

CVE-2026-47190

A flaw was found in the Cluster API Provider Metal3 IP Address Manager IPAM controller. The controller's ClusterRole granted excessive permissions, allowing full create, read, update, and delete CRUD access to core/v1 Secrets. If the controller pod were compromised, an attacker could leverage the...

6.4CVSS5.3AI score0.00421EPSS

Exploits0References7

NVD•added 2026/06/12 4:16 p.m.•10 views

CVE-2026-47190

IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions create, delete, get, list, patch, update, watch on core/v1 Secrets. The controller never accesses Secrets during normal...

4.4CVSS0.00421EPSS

Exploits0References4

EUVD•added 2026/06/12 3:49 p.m.•6 views

EUVD-2026-36500

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the managesecureconnections permission to obtain remote cluster authentication tokens via a PATCH request to the...

6.5CVSS5.4AI score0.00255EPSS

Exploits0References1

EUVD•added 2026/06/12 2:49 p.m.•8 views

EUVD-2026-36463

4.4CVSS5.3AI score0.00421EPSS

Exploits0References4

Positive Technologies•added 2026/05/29 12:0 a.m.•10 views

PT-2026-45027

Name of the Vulnerable Software and Affected Versions IPAM versions prior to 1.11.7 IPAM versions prior to 1.12.4 IPAM versions prior to 1.13.0 Description The IPAM controller's ClusterRole grants excessive CRUD permissions create, delete, get, list, patch, update, watch on core/v1 Secrets, despi...

4.4CVSS5.3AI score0.00421EPSS

Exploits0References8

Wolfi•added 2026/05/22 7:48 p.m.•22 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: trivy, dagger, datadog-agent, kaniko, kots, chartmuseum, kubevela, tigera-operator, trivy-operator, wolfictl, tw, osv-scanner, neuvector-scanner, containerd, ctop, opa, teleport, docker, manifest-tool, zot, helm-operator, helm-set-status, xeol, rancher-helm,...

5.8AI score0.00019EPSS

Exploits1

Wolfi•added 2026/05/22 7:48 p.m.•22 views

GHSA-FQW6-GF59-QR4W vulnerabilities

5.8AI score

Exploits0

Chainguard•added 2026/05/22 7:17 p.m.•11 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: tigera-operator-fips, kubescape-server-fips, trivy-operator, chartmuseum-fips, docker-cli-buildx-fips, gatekeeper, gitlab-rails-ce, chainctl, spegel-fips, opa-envoy, opa-fips-envoy, chaos-mesh-fips, scorecard, kube-mgmt, chaos-mesh, tigera-operator, docker-compose,...

5.8AI score0.00019EPSS

Exploits1

Chainguard•added 2026/05/09 7:17 a.m.•11 views

CVE-2026-42499 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-elbv2-fips, skopeo, crossplane-provider-aws-ecr, crossplane-provider-aws-sqs-fips, crossplane-provider-aws-backup, ceph-csi-operator-fips, drone-fips, knative-operator-fips, crossplane-provider-aws-servicediscovery, cortex-fips, gatekeeper,...

7.5CVSS5.8AI score0.00577EPSS

Exploits0

Chainguard•added 2026/05/09 7:17 a.m.•13 views

CVE-2026-39820 vulnerabilities

7.5CVSS5.8AI score0.00369EPSS

Exploits0

Chainguard•added 2026/05/09 7:17 a.m.•9 views

GHSA-XQ5J-9R39-C3VF vulnerabilities

5.8AI score

Exploits0

Wolfi•added 2026/05/09 2:21 a.m.•14 views

CVE-2026-42501 vulnerabilities

Vulnerabilities for packages: metacontroller, telegraf, cargobump, cluster-proportional-autoscaler, mountpoint-s3-csi-driver, atlantis, kots, paranoia, tigera-operator, opentelemetry-collector, kaf, cluster-autoscaler, migrate, controller-gen, docker, manifest-tool, pdfcpu, terraform-provider-tls...

7.5CVSS5.8AI score0.00231EPSS

Exploits0

Wolfi•added 2026/05/09 2:21 a.m.•16 views

CVE-2026-39817 vulnerabilities

5.9CVSS5.8AI score0.0017EPSS

Exploits0

Wolfi•added 2026/05/09 2:21 a.m.•15 views

CVE-2026-42499 vulnerabilities

Vulnerabilities for packages: telegraf, atlantis, kots, kaf, cluster-autoscaler, keda, cluster-api, helm-operator, k3s, helm, scorecard, conftest, ko, cortex, libnvidia-container, k8ssandra-client, rancher, prometheus-operator, runc, gatus, rancher-agent, kpt, cloud-provider-azure, nfpm, nerdctl,...

7.5CVSS5.8AI score0.00577EPSS

Exploits0

Wolfi•added 2026/05/09 2:21 a.m.•15 views

GHSA-2283-WF8C-RW8R vulnerabilities

Vulnerabilities for packages: telegraf, atlantis, kots, kaf, cluster-autoscaler, migrate, terraform-provider-tls, keda, step-ca, cluster-api, helm-operator, certificate-transparency, redpanda, k3s, step-issuer, prometheus-pushgateway, helm, step, sops, scorecard, conftest, ko, cortex,...

5.8AI score

Exploits0

Wolfi•added 2026/05/09 2:21 a.m.•13 views

GHSA-XQ5J-9R39-C3VF vulnerabilities

5.8AI score

Exploits0

Wolfi•added 2026/05/09 2:21 a.m.•13 views

CVE-2026-39823 vulnerabilities

6.1CVSS5.8AI score0.00314EPSS

Exploits0

Wolfi•added 2026/05/09 2:21 a.m.•13 views

CVE-2026-39836 vulnerabilities

Vulnerabilities for packages: metacontroller, telegraf, cluster-proportional-autoscaler, mountpoint-s3-csi-driver, atlantis, kots, paranoia, tigera-operator, opentelemetry-collector, kaf, cluster-autoscaler, migrate, controller-gen, pdfcpu, manifest-tool, terraform-provider-tls, keda, step-ca,...

7.5CVSS5.8AI score0.00588EPSS

Exploits0

Wolfi•added 2026/05/09 2:21 a.m.•12 views

CVE-2026-39820 vulnerabilities

7.5CVSS5.8AI score0.00369EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by