353 matches found
Improper Authorization
Fleet is vulnerable to Improper Authorization. The vulnerability is due to incomplete application of ServiceAccount impersonation in certain Helm deployer code paths, which allows an attacker with git push access to read secrets from arbitrary namespaces on downstream clusters...
CVE-2026-41050
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...
CVE-2026-41050
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...
CVE-2026-41050 Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...
CVE-2026-41050
CVE-2026-41050 describes a multi-tenant isolation failure in Fleet’s Helm deployer where ServiceAccount impersonation was not consistently applied in two code paths, causing the Helm template engine to run Kubernetes API queries and read Secret/ConfigMap references with the fleet-agent’s cluster-...
CVE-2026-41050 Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...
CVE-2026-41050
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...
Fleet 安全漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. There is a security vulnerability in Fleet, which stems...
MAL-2026-2754 Malicious code in deployer-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da11ad369455db7b2449adf6bc2da43741e5ae36ae35188889dab9cbd7f221b8 The package deployer-kit was found to contain malicious code...
Malicious code in deployer-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da11ad369455db7b2449adf6bc2da43741e5ae36ae35188889dab9cbd7f221b8 The package deployer-kit was found to contain malicious code...
CVE-2019-16560
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...
CVE-2019-16559
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...
MAL-2026-3 Malicious code in rules-deployer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 849a58d27ed0090633a72330c705b5849146aa1493961574c6a11dc758e28e34 The package rules-deployer was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in rules-deployer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 849a58d27ed0090633a72330c705b5849146aa1493961574c6a11dc758e28e34 The package rules-deployer was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2026-0021
Malicious code in rules-deployer npm...
Impact of Domain name or Hostname Change on Veeam Appliances
Challenge After changing the FQDN of a Veeam Appliance--either by adding it to a domain or changing its hostname--some operations may be impacted. Solution SAML Authentication May Stop Working After the host name of the Veeam Software Appliance is changed, the Service Provider SP information will...
Exploit for Deserialization of Untrusted Data in Google Android
Project Documentation Official QQ Group: 745307987 Although P...
EUVD-2014-6076
Malware in sbrugna...
EUVD-2022-6360
Malicious code in bioql PyPI...
EUVD-2022-3569
Malicious code in bioql PyPI...