Lucene search
K

417 matches found

Vulnrichment
Vulnrichment
added 2026/03/20 10:21 p.m.4 views

CVE-2026-3864 CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

6.5CVSS5.8AI score0.00539EPSS
Exploits0References2
Kubernetes Security Advisories
Kubernetes Security Advisories
added 2026/03/17 5:54 a.m.12 views

CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server

CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H — Medium 6.5 A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI...

6.5CVSS6.6AI score0.00539EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.11 views

PT-2026-25942

Name of the Vulnerable Software and Affected Versions Kubernetes CSI Driver for NFS affected versions not specified Description A flaw exists in the Kubernetes CSI Driver for NFS related to insufficient validation of the subDir parameter within volume identifiers. An attacker capable of creating...

6.5CVSS6AI score0.00539EPSS
Exploits0References13
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.7 views

GHSA-RV83-G57W-FR8J vulnerabilities

Vulnerabilities for packages: regclient, crossplane-provider-aws-kinesis, trino, kyverno-policy-reporter-ui, openfga, gitness, flux-image-automation-controller, terraform-provider-kubernetes, bank-vaults, actions-runner-controller, stakater-reloader, sftpgo-plugin-eventsearch,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.5 views

GHSA-J3GX-2473-5FP8 vulnerabilities

Vulnerabilities for packages: regclient, crossplane-provider-aws-kinesis, trino, kyverno-policy-reporter-ui, openfga, gitness, flux-image-automation-controller, terraform-provider-kubernetes, bank-vaults, actions-runner-controller, stakater-reloader, sftpgo-plugin-eventsearch,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.6 views

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-event-exporter, prometheus-alertmanager, crossplane-provider-aws-kinesis, kubernetes-csi-driver-nfs, trino, kyverno-policy-reporter-ui, bom, containerd, kyverno-policy-reporter, kube-rbac-proxy, openfga,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.18 views

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: regclient, crossplane-provider-aws-kinesis, trino, kyverno-policy-reporter-ui, openfga, gitness, flux-image-automation-controller, terraform-provider-kubernetes, bank-vaults, actions-runner-controller, stakater-reloader, sftpgo-plugin-eventsearch,...

7.5CVSS7AI score0.00728EPSS
Exploits0
Wolfi
Wolfi
added 2026/03/10 1:48 p.m.6 views

CVE-2026-27142 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-event-exporter, prometheus-alertmanager, crossplane-provider-aws-kinesis, kubernetes-csi-driver-nfs, trino, kyverno-policy-reporter-ui, bom, containerd, kyverno-policy-reporter, kube-rbac-proxy, openfga,...

6.1CVSS6.8AI score0.00328EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/10 1:17 p.m.10 views

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, prometheus-podman-exporter-fips, prometheus-process-exporter-fips, jobset-fips, blob-csi-fips, tfsec, crossplane-provider-gitlab, kubevela-fips, trivy-operator-fips, bank-vaults, spqr,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/03/10 1:17 p.m.5 views

GHSA-J3GX-2473-5FP8 vulnerabilities

Vulnerabilities for packages: minify, k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, prometheus-nats-exporter, flux-source-watcher, minio-operator-fips, pgtimetable, prometheus-podman-exporter-fips, jobset-fips, prometheus-process-exporter-fips, blob-csi-fips, tfsec,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/03/10 1:17 p.m.7 views

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: minify, k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, prometheus-nats-exporter, flux-source-watcher, minio-operator-fips, pgtimetable, prometheus-podman-exporter-fips, jobset-fips, prometheus-process-exporter-fips, blob-csi-fips, tfsec,...

7.5CVSS7AI score0.00728EPSS
Exploits0
Chainguard
Chainguard
added 2026/02/28 7:17 p.m.6 views

GHSA-9H8M-3FM2-QJRQ vulnerabilities

Vulnerabilities for packages: k9s-fips, jobset-fips, blob-csi-fips, tfsec, kubevela-fips, trivy-operator-fips, bank-vaults, rancher-system-agent, flyte, cloudbeat, vault-secrets-webhook, cass-operator, migrate, spire-server-fips, onepassword-operator, k8s-agents-operator-fips, ops-agent,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/02/20 7:48 p.m.6 views

CVE-2026-24834 vulnerabilities

Vulnerabilities for packages: azurefile-csi...

9.3CVSS5.4AI score0.00223EPSS
Exploits1
Wolfi
Wolfi
added 2026/02/20 7:48 p.m.4 views

GHSA-WWJ6-VGHV-5P64 vulnerabilities

Vulnerabilities for packages: azurefile-csi...

5.4AI score
Exploits0
Chainguard
Chainguard
added 2026/02/20 7:17 p.m.8 views

CVE-2026-24834 vulnerabilities

Vulnerabilities for packages: azurefile-csi-fips, azurefile-csi...

9.3CVSS5.9AI score0.00223EPSS
Exploits1
Chainguard
Chainguard
added 2026/02/20 7:17 p.m.5 views

GHSA-WWJ6-VGHV-5P64 vulnerabilities

Vulnerabilities for packages: azurefile-csi-fips, azurefile-csi...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/02/10 1:48 p.m.5 views

GHSA-8JVR-VH7G-F8GX vulnerabilities

Vulnerabilities for packages: pombump, regclient, crossplane-provider-aws-kinesis, rekor, kyverno-policy-reporter-ui, trino, velero-plugin-for-csi, flannel-cni-plugin, openfga, ip-masq-agent, gitness, dagdotdev, flux-image-automation-controller, chart-testing, terraform-provider-kubernetes,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/02/10 1:48 p.m.26 views

CVE-2025-68121 vulnerabilities

Vulnerabilities for packages: regclient, crossplane-provider-aws-kinesis, rekor, kyverno-policy-reporter-ui, trino, openfga, ip-masq-agent, gitness, dagdotdev, flux-image-automation-controller, chart-testing, terraform-provider-kubernetes, bank-vaults, actions-runner-controller, stakater-reloader...

10CVSS6.8AI score0.00765EPSS
Exploits1
Wolfi
Wolfi
added 2026/02/10 1:48 p.m.15 views

CVE-2025-61732 vulnerabilities

Vulnerabilities for packages: pombump, regclient, crossplane-provider-aws-kinesis, rekor, kyverno-policy-reporter-ui, trino, velero-plugin-for-csi, flannel-cni-plugin, openfga, ip-masq-agent, gitness, dagdotdev, flux-image-automation-controller, chart-testing, terraform-provider-kubernetes,...

8.6CVSS7AI score0.00472EPSS
Exploits0
Chainguard
Chainguard
added 2026/02/10 1:17 p.m.5 views

GHSA-8JVR-VH7G-F8GX vulnerabilities

Vulnerabilities for packages: minify, k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, flux-source-watcher, minio-operator-fips, pgtimetable, prometheus-podman-exporter-fips, jobset-fips, prometheus-process-exporter-fips, blob-csi-fips, capslock, crossplane-provider-aws-ecr-fips,...

6.1AI score
Exploits0
Rows per page
Query Builder