CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

NVD•added 2026/05/28 5:16 p.m.•10 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS0.00361EPSS

Exploits0References1

Cvelist•added 2026/05/28 4:41 p.m.•29 views

CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection

8.7CVSS0.00361EPSS

Exploits0References1

RedHat Linux•added 2026/05/19 1:27 p.m.•9 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

8.1CVSS7.2AI score0.01008EPSS

Exploits0References6

Github Security Blog•added 2026/05/11 4:15 p.m.•6 views

Local Path Provisioner Vulnerable to HelperPod Template Injection

Impact A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC...

8.7CVSS6AI score0.00361EPSS

Exploits0References3Affected Software1

OSV•added 2026/05/11 4:15 p.m.•1 views

GHSA-7FXV-8WR2-MFC4 Local Path Provisioner Vulnerable to HelperPod Template Injection

8.7CVSS6AI score0.00361EPSS

Exploits0References3

Snyk•added 2026/05/11 4:15 p.m.•2 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment during the processing of the helperPod.yaml template. An attacker can gain unauthorized access to sensitive host files, read ServiceAccount tokens from other pods, access other tenants' volume data, or...

8.7CVSS5.4AI score0.00361EPSS

Exploits0References3

Positive Technologies•added 2026/05/11 12:0 a.m.•5 views

PT-2026-39897

Name of the Vulnerable Software and Affected Versions local-path-provisioner versions prior to 0.0.36 Description A malicious user with permissions to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template. This template is used to crea...

8.7CVSS5.8AI score0.00361EPSS

Exploits0References5

OSV•added 2026/04/28 8:42 a.m.•0 views

BIT-KYVERNO-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

7.7CVSS5.4AI score0.00266EPSS

Exploits1References3

Cvelist•added 2026/04/24 3:14 a.m.•24 views

CVE-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)

7.7CVSS0.00266EPSS

Exploits1References2

Positive Technologies•added 2026/04/24 12:0 a.m.•3 views

PT-2026-34843

9.9CVSS5.8AI score0.00516EPSS

Exploits2References5

Snyk•added 2026/04/16 9:35 p.m.•4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the ConfigMap context loader due to missing validation of the namespace value. An attacker can access sensitive data from ConfigMaps in unauthorized namespaces by creating a policy that references another...

7.7CVSS5.7AI score0.00266EPSS

Exploits1References2

Broadcom•added 2026/03/03 12:0 a.m.•17 views

Podman Vulnerable to Arbitrary File Write via Symbolic Link Traversal in 'play.go' File

Podman contains a symbolic link traversal vulnerability when the kube play command is used with a 'ConfigMap' or secret volume mount. A remote attacker could exploit this by creating a malicious symbolic link on the volume in order to overwrite the contents of arbitrary files, however the attacke...

8.1CVSS6.1AI score0.01008EPSS

Exploits0

RedhatCVE•added 2026/01/21 3:27 p.m.•4 views

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS5.3AI score0.0011EPSS

Exploits0References1

OSV•added 2026/01/20 4:16 p.m.•3 views

CVE-2025-36058

5.5CVSS7.3AI score

Exploits0References1

NVD•added 2026/01/20 4:16 p.m.•4 views

CVE-2025-36058

5.5CVSS0.0011EPSS

Exploits0References1

CVE•added 2026/01/20 3:9 p.m.•23 views

CVE-2025-36058

CVE-2025-36058 affects IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers. The issue could disclose sensitve configuration information stored in a config map. Red Hat/IBM advisories and IBM Security Bulletins identify the affected versions as: IBM Cloud Pak for ...

5.5CVSS8.4AI score0.0011EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/01/20 3:9 p.m.•15 views

CVE-2025-36058 Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

5.5CVSS0.0011EPSS

Exploits0References1