CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

133 matches found

OSV•added 4 days ago•4 views

GHSA-WFQX-GJRF-G28R Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag

Summary Crossplane allows package signature verification to be configured via the ImageConfig mechanism. When enabled, the package manager uses cosign to verify that packages are correctly signed before pulling and installing them. When a package is installed using a tag reference e.g., a semanti...

9CVSS5.7AI score

Exploits0References2

Wolfi•added 2026/05/20 7:48 p.m.•12 views

GHSA-M7CR-M3PV-HGRP vulnerabilities

Vulnerabilities for packages: nfpm, gitea, gptscript, external-secrets-operator, crossplane, kubescape, flux-image-automation-controller, teleport, wolfictl, kyverno, k9s, pulumi-language-dotnet, src-fingerprint, argo-cd, grafana-alloy, kaniko, pulumi-kubernetes-operator, gitlab-runner,...

Wolfi•added 2026/05/20 7:48 p.m.•12 views

GHSA-CRHJ-59GH-8X96 vulnerabilities

Vulnerabilities for packages: nfpm, gitea, gptscript, external-secrets-operator, crossplane, kubescape, flux-image-automation-controller, teleport, wolfictl, kyverno, k9s, pulumi-language-dotnet, src-fingerprint, argo-cd, grafana-alloy, kaniko, pulumi-kubernetes-operator, gitlab-runner,...

Wolfi•added 2026/05/20 7:48 p.m.•13 views

CVE-2026-45571 vulnerabilities

Vulnerabilities for packages: nfpm, gitea, gptscript, external-secrets-operator, crossplane, kubescape, flux-image-automation-controller, teleport, wolfictl, kyverno, k9s, pulumi-language-dotnet, src-fingerprint, argo-cd, grafana-alloy, kaniko, pulumi-kubernetes-operator, gitlab-runner,...

5.4CVSS5.8AI score0.00297EPSS

Wolfi•added 2026/05/20 7:48 p.m.•11 views

CVE-2026-45570 vulnerabilities

Vulnerabilities for packages: nfpm, gitea, gptscript, external-secrets-operator, crossplane, kubescape, flux-image-automation-controller, teleport, wolfictl, kyverno, k9s, pulumi-language-dotnet, src-fingerprint, argo-cd, grafana-alloy, kaniko, pulumi-kubernetes-operator, gitlab-runner,...

9.6CVSS5.8AI score0.00365EPSS

Chainguard•added 2026/05/20 7:17 p.m.•12 views

CVE-2026-45571 vulnerabilities

Vulnerabilities for packages: trivy, coder-fips, nuclei, gitlab-runner, scorecard, mapotf-fips, kubescape-server, kaniko-fips, google-osconfig-agent, redpanda-console, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fip...

5.4CVSS5.8AI score0.00297EPSS

Chainguard•added 2026/05/20 7:17 p.m.•6 views

GHSA-CRHJ-59GH-8X96 vulnerabilities

Vulnerabilities for packages: trivy, coder-fips, nuclei, gitlab-runner, scorecard, mapotf-fips, kubescape-server, kaniko-fips, google-osconfig-agent, redpanda-console, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fip...

Chainguard•added 2026/05/20 7:17 p.m.•5 views

GHSA-M7CR-M3PV-HGRP vulnerabilities

Vulnerabilities for packages: trivy, coder-fips, nuclei, gitlab-runner, scorecard, mapotf-fips, kubescape-server, kaniko-fips, google-osconfig-agent, redpanda-console, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fip...

Chainguard•added 2026/05/20 7:17 p.m.•7 views

CVE-2026-45570 vulnerabilities

Vulnerabilities for packages: trivy, coder-fips, nuclei, gitlab-runner, scorecard, mapotf-fips, kubescape-server, kaniko-fips, google-osconfig-agent, redpanda-console, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fip...

9.6CVSS5.8AI score0.00365EPSS

Wolfi•added 2026/05/12 7:48 a.m.•9 views

GHSA-389R-GV7P-R3RP vulnerabilities

Vulnerabilities for packages: nfpm, gitea, gptscript, external-secrets-operator, crossplane, kubescape, flux-image-automation-controller, teleport, wolfictl, kyverno, k9s, pulumi-language-dotnet, src-fingerprint, argo-cd, grafana-alloy, kaniko, pulumi-kubernetes-operator, gitlab-runner,...

Chainguard•added 2026/05/12 7:19 a.m.•31 views

CVE-2026-45022 vulnerabilities

Vulnerabilities for packages: trivy, coder-fips, nuclei, gitlab-runner, scorecard, mapotf-fips, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, redpanda-console, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom,...

7.5CVSS5.8AI score0.00147EPSS

Wolfi•added 2026/05/09 7:48 p.m.•14 views

GHSA-PMWQ-PJRM-6P5R vulnerabilities

Vulnerabilities for packages: gh, vexctl, crossplane, kubescape, slsa-verifier, teleport, kyverno, docker, policy-controller, tflint, gitlab-runner, trivy, skaffold, falcoctl, rekor, docker-compose, docker-cli-buildx, flux-source-controller, gitsign, bom, kyverno-notation-aws, guac,...

Chainguard•added 2026/05/09 7:17 p.m.•5 views

GHSA-PMWQ-PJRM-6P5R vulnerabilities

Vulnerabilities for packages: trivy, reports-server, ko, livekit-cli, gitlab-runner, vexctl, docker-compose, kubescape-server, aactl, docker-cli-buildx, kubescape, guac, policy-controller, buildkitd, gh, bom, cloudbeat-fips, ko-fips, chainloop-cli-fips, docker, image-factory, tekton-chains-fips,...

Wolfi•added 2026/05/09 2:21 a.m.•19 views

CVE-2026-33814 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-csi-external-snapshotter, infinispan-operator, kubernetes-dashboard-metrics-scraper, vcluster, kserve-modelmesh-serving, newrelic-nri-statsd, gatekeeper, metrics-server, sftpgo, kubernetes-dashboard-web,...

7.5CVSS5.8AI score0.00565EPSS

Chainguard•added 2026/05/06 7:17 p.m.•25 views

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: trivy, nuclei, gitlab-runner, scorecard, mapotf-fips, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, redpanda-console, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fips,...

7.4CVSS5.8AI score0.00259EPSS

vulnersOsv•added 2026/04/28 12:0 a.m.•8 views

io.crossplane.compositefunctions:crossplane-function-example (>=1.20-alpha <=2.0.5), io.crossplane.compositefunctions:crossplane-function-springboot-starter (>=1.20-alpha <=2.0.5) +19 more potentially affected by CVE-2026-40969 via org.springframework.grpc:spring-grpc-core (>=1.0.0-RC1 <=1.0.2)

org.springframework.grpc:spring-grpc-core MAVEN version =1.0.0-RC1, =1.20-alpha, =1.20-alpha, =2026.01, =0.8.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =1.0.0, =1.0.0, =1.0.2 - org.springframew...

5.3CVSS5.8AI score0.002EPSS

Chainguard•added 2026/04/25 7:17 p.m.•4 views

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, crossplane-provider-azure-managedidentity, trident, gatus-fips, crossplane-provider-aws-secretsmanager-fips, docker-machine-driver-harvester,...

Chainguard•added 2026/04/25 7:17 p.m.•7 views

CVE-2026-29181 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, crossplane-provider-azure-managedidentity, trident, gatus-fips, crossplane-provider-aws-secretsmanager-fips, docker-machine-driver-harvester,...

7.5CVSS5.8AI score0.00329EPSS

Wolfi•added 2026/04/17 1:48 a.m.•10 views

GHSA-XM5M-WGH2-RRG3 vulnerabilities

Vulnerabilities for packages: gh, vexctl, crossplane, kubescape, kyverno, docker, policy-controller, tflint, trivy, skaffold, falcoctl, docker-cli-buildx, flux-source-controller, sigstore-scaffolding, gitsign, kyverno-notation-aws, neuvector-sigstore-interface, witness, zot, goreleaser,...

Wolfi•added 2026/04/17 1:48 a.m.•5 views

CVE-2026-39984 vulnerabilities

Vulnerabilities for packages: gh, vexctl, crossplane, kubescape, kyverno, docker, policy-controller, tflint, trivy, skaffold, falcoctl, docker-cli-buildx, flux-source-controller, sigstore-scaffolding, gitsign, kyverno-notation-aws, neuvector-sigstore-interface, witness, zot, goreleaser,...

5.5CVSS7.1AI score0.00099EPSS

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by