CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/17 4:55 a.m.•8 views

MAL-2026-6015 Malicious code in @mastra/deployer (npm)

5.4AI score

Veracode•added 2026/05/16 5:31 a.m.•14 views

Improper Authorization

Fleet is vulnerable to Improper Authorization. The vulnerability is due to incomplete application of ServiceAccount impersonation in certain Helm deployer code paths, which allows an attacker with git push access to read secrets from arbitrary namespaces on downstream clusters...

9.9CVSS6AI score0.00379EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/05/14 8:21 a.m.•10 views

CVE-2026-41050

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...

NVD•added 2026/05/13 8:16 a.m.•8 views

CVE-2026-41050

9.9CVSS0.00379EPSS

Vulnrichment•added 2026/05/13 8:4 a.m.•9 views

CVE-2026-41050 Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

ATTACKERKB•added 2026/05/13 8:4 a.m.•9 views

CVE-2026-41050

Exploits0References3Affected Software1

CVE•added 2026/05/13 8:4 a.m.•23 views

CVE-2026-41050

CVE-2026-41050 describes a multi-tenant isolation failure in Fleet’s Helm deployer where ServiceAccount impersonation was not consistently applied in two code paths, causing the Helm template engine to run Kubernetes API queries and read Secret/ConfigMap references with the fleet-agent’s cluster-...

Cvelist•added 2026/05/13 8:4 a.m.•37 views

CVE-2026-41050 Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

9.9CVSS0.00379EPSS

CNNVD•added 2026/05/13 12:0 a.m.•9 views

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. There is a security vulnerability in Fleet, which stems...

OSSF Malicious Packages•added 2026/04/16 9:52 a.m.•5 views

Malicious code in deployer-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da11ad369455db7b2449adf6bc2da43741e5ae36ae35188889dab9cbd7f221b8 The package deployer-kit was found to contain malicious code...

5.7AI score

OSV•added 2026/04/16 9:52 a.m.•2 views

MAL-2026-2754 Malicious code in deployer-kit (npm)

5.7AI score

RedhatCVE•added 2026/01/07 9:31 a.m.•19 views

CVE-2019-16560

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...

8.8CVSS6.6AI score0.00691EPSS

RedhatCVE•added 2026/01/07 9:31 a.m.•5 views

CVE-2019-16559

A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...

5.5CVSS6.6AI score0.00676EPSS

EUVD•added 2026/01/01 4:52 p.m.•5 views

EUVD-2026-0021

Malicious code in rules-deployer npm...

6.6AI score

OSSF Malicious Packages•added 2026/01/01 4:52 p.m.•7 views

Malicious code in rules-deployer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 849a58d27ed0090633a72330c705b5849146aa1493961574c6a11dc758e28e34 The package rules-deployer was found to contain malicious code. Source: ossf-package-analysis...

6.9AI score

OSV•added 2026/01/01 4:52 p.m.•6 views

MAL-2026-3 Malicious code in rules-deployer (npm)

6.8AI score