89 matches found
PT-2026-44502
Warning: Critical vulnerability in Dell Container Storage Modules CVE-2026-40710 CVSS:10.0 exposes hardcoded credentials in public repos, allowing remote attackers to compromise sessions, exfiltrate data, and move laterally. https://t.co/aVABoqwNel Patch Patch Patch...
RHCOS 4 : OpenShift Container Platform 4.16.20 (RHSA-2024:8686)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8686 advisory. - buildah: Buildah allows arbitrary directory mount (CVE-2024-9675) - Podman: Buildah: CRI-O: symlink traversal vulnerability in the...
CVE-2026-6437
A flaw was found in the AWS EFS CSI Driver. Remote authenticated users with PersistentVolume creation permissions can exploit an improper neutralization of argument delimiters by injecting commas into volume handling arguments. This allows for the injection of arbitrary mount options, which could...
Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields
Summary: The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...
PT-2026-33485
Name of the Vulnerable Software and Affected Versions: AWS EFS CSI Driver versions prior to v3.0.1. Description: Improper neutralization of argument delimiters in the volume handling component allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount...
CVE-2026-3864
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...
EUVD-2026-13831
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...
CVE-2026-3864
CVE-2026-3864 affects the Kubernetes CSI Driver for NFS (csi-driver-nfs). The vulnerability arises from insufficient validation of the subDir parameter in volume identifiers, enabling path traversal (../) when creating PersistentVolumes and during volume deletion/cleanup. An attacker with PV crea...
MiracleLinux 9 : podman-5.2.2-9.el9 (AXSA:2024-9333:11)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9333:11 advisory. - go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)...
EUVD-2024-3181
Malicious code in bioql PyPI...
EUVD-2024-3170
Malicious code in bioql PyPI...
EUVD-2022-37381
Malicious code in bioql PyPI...
EUVD-2022-37382
Malicious code in bioql PyPI...
EUVD-2022-37329
Malicious code in bioql PyPI...
EUVD-2022-37330
Malicious code in bioql PyPI...
CVE-2025-5187 vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim, rancher, nodetaint, emissary, ip-masq-agent, docker-machine-driver-harvester, kubernetes-dns-node-cache, azurefile-csi, mesosphere-vsphere-csi, k8ssandra-client, kubernetes-csi-driver-hostpath, kubernetes, argo-rollouts, rancher-system-agent,...
CVE-2022-45157
A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...
Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS)
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...
SUSE CVE-2024-10975
Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad...
PT-2024-9996
Name of the Vulnerable Software and Affected Versions: Hashicorp Nomad versions prior to 1.9.2; Hashicorp Nomad versions prior to 1.8.7; Hashicorp Nomad versions prior to 1.7.15. Description: The issue is related to the Container Storage Interface (CSI) component of the Nomad application orchestrator,...