417 matches found
CVE-2026-3864 CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...
CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H — Medium 6.5 A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI...
PT-2026-25942
Name of the Vulnerable Software and Affected Versions Kubernetes CSI Driver for NFS affected versions not specified Description A flaw exists in the Kubernetes CSI Driver for NFS related to insufficient validation of the subDir parameter within volume identifiers. An attacker capable of creating...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: regclient, crossplane-provider-aws-kinesis, trino, kyverno-policy-reporter-ui, openfga, gitness, flux-image-automation-controller, terraform-provider-kubernetes, bank-vaults, actions-runner-controller, stakater-reloader, sftpgo-plugin-eventsearch,...
GHSA-J3GX-2473-5FP8 vulnerabilities
Vulnerabilities for packages: regclient, crossplane-provider-aws-kinesis, trino, kyverno-policy-reporter-ui, openfga, gitness, flux-image-automation-controller, terraform-provider-kubernetes, bank-vaults, actions-runner-controller, stakater-reloader, sftpgo-plugin-eventsearch,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-event-exporter, prometheus-alertmanager, crossplane-provider-aws-kinesis, kubernetes-csi-driver-nfs, trino, kyverno-policy-reporter-ui, bom, containerd, kyverno-policy-reporter, kube-rbac-proxy, openfga,...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: regclient, crossplane-provider-aws-kinesis, trino, kyverno-policy-reporter-ui, openfga, gitness, flux-image-automation-controller, terraform-provider-kubernetes, bank-vaults, actions-runner-controller, stakater-reloader, sftpgo-plugin-eventsearch,...
CVE-2026-27142 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-event-exporter, prometheus-alertmanager, crossplane-provider-aws-kinesis, kubernetes-csi-driver-nfs, trino, kyverno-policy-reporter-ui, bom, containerd, kyverno-policy-reporter, kube-rbac-proxy, openfga,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, prometheus-podman-exporter-fips, prometheus-process-exporter-fips, jobset-fips, blob-csi-fips, tfsec, crossplane-provider-gitlab, kubevela-fips, trivy-operator-fips, bank-vaults, spqr,...
GHSA-J3GX-2473-5FP8 vulnerabilities
Vulnerabilities for packages: minify, k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, prometheus-nats-exporter, flux-source-watcher, minio-operator-fips, pgtimetable, prometheus-podman-exporter-fips, jobset-fips, prometheus-process-exporter-fips, blob-csi-fips, tfsec,...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: minify, k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, prometheus-nats-exporter, flux-source-watcher, minio-operator-fips, pgtimetable, prometheus-podman-exporter-fips, jobset-fips, prometheus-process-exporter-fips, blob-csi-fips, tfsec,...
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: k9s-fips, jobset-fips, blob-csi-fips, tfsec, kubevela-fips, trivy-operator-fips, bank-vaults, rancher-system-agent, flyte, cloudbeat, vault-secrets-webhook, cass-operator, migrate, spire-server-fips, onepassword-operator, k8s-agents-operator-fips, ops-agent,...
CVE-2026-24834 vulnerabilities
Vulnerabilities for packages: azurefile-csi...
GHSA-WWJ6-VGHV-5P64 vulnerabilities
Vulnerabilities for packages: azurefile-csi...
CVE-2026-24834 vulnerabilities
Vulnerabilities for packages: azurefile-csi-fips, azurefile-csi...
GHSA-WWJ6-VGHV-5P64 vulnerabilities
Vulnerabilities for packages: azurefile-csi-fips, azurefile-csi...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: pombump, regclient, crossplane-provider-aws-kinesis, rekor, kyverno-policy-reporter-ui, trino, velero-plugin-for-csi, flannel-cni-plugin, openfga, ip-masq-agent, gitness, dagdotdev, flux-image-automation-controller, chart-testing, terraform-provider-kubernetes,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: regclient, crossplane-provider-aws-kinesis, rekor, kyverno-policy-reporter-ui, trino, openfga, ip-masq-agent, gitness, dagdotdev, flux-image-automation-controller, chart-testing, terraform-provider-kubernetes, bank-vaults, actions-runner-controller, stakater-reloader...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: pombump, regclient, crossplane-provider-aws-kinesis, rekor, kyverno-policy-reporter-ui, trino, velero-plugin-for-csi, flannel-cni-plugin, openfga, ip-masq-agent, gitness, dagdotdev, flux-image-automation-controller, chart-testing, terraform-provider-kubernetes,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: minify, k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, flux-source-watcher, minio-operator-fips, pgtimetable, prometheus-podman-exporter-fips, jobset-fips, prometheus-process-exporter-fips, blob-csi-fips, capslock, crossplane-provider-aws-ecr-fips,...