Lucene search
K

22 matches found

Wolfi
Wolfi
added 2026/06/26 8:22 p.m.16 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: snyk-cli, chisel, pulumi-language-yaml, terragrunt, crossplane-provider-aws-s3, ksops, crossplane-provider-aws-eks, crossplane-provider-aws-kms, gomplate, src, wolfictl, caddy, crossplane-provider-aws-lambda, crossplane-provider-aws-dynamodb, fulcio, docker-compose,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: snyk-cli, chisel, pulumi-language-yaml, terragrunt, ksops, gomplate, wolfictl, caddy, fulcio, vault-benchmark, telegraf, cosign, dagger, witness, podman, pulumi-language-java, helm, kots, step-issuer, prometheus, crossplane-provider-azure-authorization, gh,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/19 8:24 p.m.12 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: calico, gcp-compute-persistent-disk-csi-driver, snyk-cli, lazydocker, rancher-fleet, xeol, crossplane-provider-aws-s3, ksops, crossplane-provider-aws-eks, crossplane-provider-aws-kms, gomplate, wolfictl, distribution, caddy, thanos, crossplane-provider-aws-lambda,...

5.3CVSS6.1AI score0.00237EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/19 8:24 p.m.21 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: calico, gcp-compute-persistent-disk-csi-driver, snyk-cli, lazydocker, rancher-fleet, xeol, crossplane-provider-aws-s3, ksops, crossplane-provider-aws-eks, crossplane-provider-aws-kms, gomplate, wolfictl, distribution, caddy, thanos, crossplane-provider-aws-lambda,...

6.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.8 views

SUSE CVE-2026-40109

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/10 8:18 p.m.4 views

EUVD-2026-21150

Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/10 8:18 p.m.5 views

Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/10 8:18 p.m.2 views

GHSA-H9CX-XJG6-5V2W Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References5
NVD
NVD
added 2026/04/09 9:16 p.m.4 views

CVE-2026-40109

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS0.00127EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 9:6 p.m.22 views

CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS0.00127EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/09 9:6 p.m.3 views

CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 9:6 p.m.11 views

CVE-2026-40109

CVE-2026-40109 affects Flux notification-controller (GitOps Toolkit) prior to version 1.8.3. The vulnerability lies in the gcr Receiver type not validating the email claim of Google OIDC tokens used for Pub/Sub push authentication, allowing any valid Google-issued token to authenticate against th...

3.1CVSS5.9AI score0.00127EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/02/28 7:17 p.m.6 views

GHSA-9H8M-3FM2-QJRQ vulnerabilities

Vulnerabilities for packages: packer-fips, gcp-compute-persistent-disk-csi-driver-fips, eck-operator-fips, spire-server, k8s-agents-operator-fips, temporal-server-fips, ansible-operator-fips, containerd-fips, grype-db, grafana-pyroscope, pulumi-kubernetes-operator, tflint, trivy-fips, cloudprober...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.18 views

GHSA-7WRW-R4P8-38RX vulnerabilities

Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver, configmap-reload, croc, nri-cassandra, mockery, distribution, k8ssandra-operator, openbao-k8s, thanos, velero-plugin-for-microsoft-azure, neuvector-dbgen, docker-compose, crossplane-provider-aws, cluster-autoscaler, wuzz, podma...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2024/05/08 4:15 p.m.35 views

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: prometheus-elasticsearch-exporter-fips, pulumi-kubernetes-operator, melange, timoni, crossplane-provider-aws, cortex, docker-credential-acr-env, gosu, secrets-store-csi-driver, govulncheck, http-echo, sonobuoy, q, git-lfs, ctop, capslock, multus-cni-fips, crane,...

5.9CVSS6.8AI score0.01001EPSS
Exploits0
Chainguard
Chainguard
added 2024/03/05 11:15 p.m.79 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kube-fluentd-operator, prometheus-elasticsearch-exporter-fips, spire-server, temporal-server-fips, pulumi-kubernetes-operator, tflint, crossplane-provider-aws-route53, melange, kubeadm-controlplane-controller, weaviate, timoni, crossplane-provider-aws, cortex,...

7.5CVSS6.7AI score0.01262EPSS
Exploits0
Chainguard
Chainguard
added 2023/11/18 12:30 a.m.17 views

GHSA-3F2Q-6294-FMQ5 vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, argo-workflows, snyk-cli, argo-events, task, argo-events-fips, flux-notification-controller, melange...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2023/11/18 12:15 a.m.591 views

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: snyk-cli, pulumi-kubernetes-operator, task, melange, flux-notification-controller, argo-workflows, argo-events...

7.5CVSS6.5AI score0.0085EPSS
Exploits1
Chainguard
Chainguard
added 2023/11/18 12:15 a.m.55 views

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: pulumi-kubernetes-operator, argo-workflows, snyk-cli, argo-events, task, argo-events-fips, flux-notification-controller, melange...

7.5CVSS6.5AI score0.0085EPSS
Exploits1
Wolfi
Wolfi
added 2023/10/25 9:17 p.m.179 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: scorecard, kubeflow, kubevela, kubescape, cortex, falco, dgraph, spark-operator, k3d, prometheus-blackbox-exporter, terraform-provider-sendgrid, aactl, src, slsa-verifier, up, buildkitd...

6.1AI score
Exploits0
Rows per page
Query Builder