97 matches found
EUVD-2026-39652
Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...
CVE-2026-40711
Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...
CVE-2026-40711
Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Container Storage Interface (CSI) are now fixed in Storage Scale Container Native 5.2.3.8 / CSI 2.14.7 and Storage Scale Container Native 6.0.1.0 / CSI 3.1.0 or higher
Summary The following vulnerabilities, which can affect IBM Storage Scale Container Storage Interface CSI CVE-2026-9167 are now fixed in Storage Scale Container Native 5.2.3.8 / CSI 2.14.7 or higher and Storage Scale Container Native 6.0.1.0 / CSI 3.1.0 or higher. Vulnerability Details...
PT-2026-44502
Warning: Critical vulnerability in Dell Container Storage Modules CVE-2026-40710 CVSS:10.0 exposes hardcoded credentials in public repos, allowing remote attackers to compromise sessions, exfiltrate data, and move laterally. https://t.co/aVABoqwNel Patch Patch Patch...
RHCOS 4 : OpenShift Container Platform 4.16.20 (RHSA-2024:8686)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8686 advisory. - buildah: Buildah allows arbitrary directory mount CVE-2024-9675 - Podman: Buildah: CRI-O: symlink traversal vulnerability in the...
CVE-2026-6437
A flaw was found in the AWS EFS CSI Driver. Remote authenticated users with PersistentVolume creation permissions can exploit an improper neutralization of argument delimiters by injecting commas into volume handling arguments. This allows for the injection of arbitrary mount options, which could...
Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields
Summary The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...
PT-2026-33485
Name of the Vulnerable Software and Affected Versions AWS EFS CSI Driver versions prior to v3.0.1 Description Improper neutralization of argument delimiters in the volume handling component allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount...
CVE-2026-3864
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...
EUVD-2026-13831
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...
CVE-2026-3864
CVE-2026-3864 affects the Kubernetes CSI Driver for NFS (csi-driver-nfs). The vulnerability arises from insufficient validation of the subDir parameter in volume identifiers, enabling path traversal (../) when creating PersistentVolumes and during volume deletion/cleanup. An attacker with PV crea...
MiracleLinux 9 : podman-5.2.2-9.el9 (AXSA:2024-9333:11)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9333:11 advisory. go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion CVE-2024-34155...
EUVD-2024-3170
Malicious code in bioql PyPI...
EUVD-2022-37330
Malicious code in bioql PyPI...
EUVD-2024-3181
Malicious code in bioql PyPI...
EUVD-2022-37381
Malicious code in bioql PyPI...
EUVD-2022-37382
Malicious code in bioql PyPI...
EUVD-2022-37329
Malicious code in bioql PyPI...
CVE-2025-5187 vulnerabilities
Vulnerabilities for packages: argo-rollouts, rancher-webhook, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, mesosphere-vsphere-csi, nodetaint, rancher-system-agent, yunikorn-k8shim, vcluster, k8ssandra-client, emissary, rancher-agent, kubernetes, ip-masq-agent,...