Lucene search
+L

140 matches found

nessus
nessus
added 2026/05/09 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1070e Security Update: kubernetes (UTSA-2026-017342)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017342 advisory. A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows...

5.8CVSS7.2AI score0.00361EPSS
Exploits0References4
nessus
nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 4 : OpenShift Container Platform 4.4.8 openshift (RHSA-2020:2448)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2448 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...

6.3CVSS7.3AI score0.03679EPSS
Exploits0References5
nessus
nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 4 : OpenShift Container Platform 4.2.36 openshift (RHSA-2020:2594)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2594 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...

6.3CVSS7.3AI score0.03679EPSS
Exploits0References5
cgr
cgr
added 2026/04/11 2:18 a.m.71 views

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: promxy, dragonfly-operator-fips, nri-rabbitmq-fips, wait-for-port-fips, nri-postgresql, litmus-chaos-operator, trust-manager-fips, cluster-proportional-autoscaler-fips, gobuster, dask-gateway, thanos-operator, prometheus, yace, emissary, slsa-verifier, authservice,...

6.1AI score
Exploits0
cgr
cgr
added 2026/04/11 2:18 a.m.14 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: kor, secrets-store-csi-driver-provider-aws-fips, promxy, malcontent, cerbos, dragonfly-operator-fips, langfuse-fips, spicedb-operator, cluster-api-ipam-provider-in-cluster, aws-privateca-issuer, nri-rabbitmq-fips, azurefile-csi, neuvector, secrets-store-csi-driver,...

7.5CVSS6.9AI score0.00621EPSS
Exploits0
nessus
nessus
added 2026/02/26 12:0 a.m.7 views

Cisco Catalyst SD-WAN Controller Authentication Bypass (cisco-sa-sdwan-rpa-EHchtZk)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an...

10CVSS7.7AI score0.57793EPSS
Exploits10References3
osv
osv
added 2025/12/16 7:39 p.m.4 views

GO-2025-4240 Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes

Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes...

5.8CVSS6.9AI score0.00361EPSS
Exploits0References7
mscve
mscve
added 2025/12/16 9:1 a.m.6 views

Portworx Half-Blind SSRF in kube-controller-manager

...

5.8CVSS7AI score0.00361EPSS
Exploits0
redhatcve
redhatcve
added 2025/12/15 4:20 p.m.5 views

CVE-2025-13281

A half-blind Server-Side Request Forgery SSRF found in kube-controller-manager that can be triggered when using the legacy in-tree Portworx StorageClass. An authorized user with sufficient privileges can cause the controller to make requests to internal, host-network–accessible endpoints,...

5.8CVSS6.5AI score0.00361EPSS
Exploits0References5
euvd
euvd
added 2025/12/15 12:30 a.m.5 views

EUVD-2025-203310

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS6.2AI score0.00361EPSS
Exploits0References4
osv
osv
added 2025/12/15 12:30 a.m.7 views

GHSA-R6J8-C6R2-37RR kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS6.7AI score0.00361EPSS
Exploits0References9
github
github
added 2025/12/15 12:30 a.m.11 views

kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS6.8AI score0.00361EPSS
Exploits0References8Affected Software1
osv
osv
added 2025/12/14 10:15 p.m.9 views

AZL-72386 CVE-2025-13281 affecting package kubernetes for versions less than 1.28.4-21

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS5.9AI score0.00361EPSS
Exploits0References1
nvd
nvd
added 2025/12/14 10:15 p.m.9 views

CVE-2025-13281

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS0.00361EPSS
Exploits0References3
osv
osv
added 2025/12/14 10:15 p.m.6 views

DEBIAN-CVE-2025-13281

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS7.8AI score0.00361EPSS
Exploits0References1
osv
osv
added 2025/12/14 10:15 p.m.9 views

AZL-72382 CVE-2025-13281 affecting package kubernetes for versions less than 1.30.10-18

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS5.9AI score0.00361EPSS
Exploits0References1
snyk
snyk
added 2025/12/14 9:39 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...

6.9CVSS6.7AI score0.00361EPSS
Exploits0References2
snyk
snyk
added 2025/12/14 9:39 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the kube-controller-manager when using the in-tree Portworx StorageClass. An attacker can access sensitive information from unprotected endpoints within the control plane's host network, including...

6.9CVSS6.7AI score0.00361EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/12/14 9:27 p.m.3 views

CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS6.4AI score0.00361EPSS
Exploits0References2
cvelist
cvelist
added 2025/12/14 9:27 p.m.29 views

CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS0.00361EPSS
Exploits0References2
Rows per page
Query Builder