Lucene search

9 matches found

Wolfi
added 2026/04/11 2:51 a.m., 6 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: gh, karpenter, local-path-provisioner, nova, oras, temporal, nodetaint, flux-notification-controller, supercronic, mountpoint-s3-csi-driver, osv-scanner, grafana-rollout-operator, polaris, aws-privateca-issuer, clickhouse-operator, victoriametrics,...

AI score 5.4
Exploits 0

OSV
added 2024/08/21 4:3 p.m., 10 views

GO-2022-0960 Flux CLI Workload Injection in github.com/fluxcd/flux2

Flux CLI Workload Injection in github.com/fluxcd/flux2...

CVSS 7.8, AI score 7.7, EPSS 0.00103
Exploits 0, References 3

OSV
added 2024/08/21 3:11 p.m., 8 views

GO-2022-0447 Improper path handling in kustomization files allows path traversal in github.com/fluxcd/flux2

Improper path handling in kustomization files allows path traversal in github.com/fluxcd/flux2...

CVSS 9.9, AI score 9, EPSS 0.00617
Exploits 0, References 4

Github Security Blog
added 2024/05/15 5:9 p.m., 28 views

source-controller leaks Azure Storage SAS token into logs

Impact: When source-controller is configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access t...

CVSS 5.1, AI score 6.5, EPSS 0.00153
Exploits 0, References 5, Affected Software 1

OSV
added 2022/10/28 4:7 p.m., 24 views

GO-2022-1071 Denial of service in flux controllers in github.com/fluxcd modules

Flux controllers are vulnerable to a denial of service attack. Users that have permissions to change Flux's objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout and structured variations of these fields, causing the...

CVSS 5, AI score 4.5, EPSS 0.00328
Exploits 0, References 8

Veracode
added 2022/10/25 6:53 a.m., 25 views

Denial Of Service (DoS)

github.com/fluxcd is vulnerable to Denial of Service. The vulnerability exists due to the lack of data fields validation in the metav1.Duration parameter in multiple fluxcd repositories which allows an attacker to cause an application crash...

CVSS 5, AI score 5, EPSS 0.00328
Exploits 0, References 8, Affected Software 7

Veracode
added 2022/09/08 8:27 a.m., 25 views

Denial Of Service (DoS)

github.com/fluxcd/helm-controller and github.com/fluxcd/flux2 are vulnerable to denial of service (DoS) attacks. A remote authenticated attacker is able to cause a system panic by supplying specific data inputs, resulting in denial of service conditions via high memory consumption...

CVSS 7.7, AI score 7, EPSS 0.00568
Exploits 0, References 9, Affected Software 2

Veracode
added 2022/09/01 4:39 a.m., 15 views

Path Traversal

github.com/fluxcd/flux2 is vulnerable to path traversal. The vulnerability exists because the library does not properly handle the user-supplied input, allowing an attacker to access files outside the expected directory and replace the flux deployment information with arbitrary content...

CVSS 7.8, AI score 7.3, EPSS 0.00103
Exploits 0, References 4, Affected Software 1

Veracode
added 2022/05/09 8:0 a.m., 17 views

Remote Code Execution (RCE)

github.com/fluxcd is vulnerable to remote code execution. The vulnerability exists due to a lack of validation of access and sanitization of flagging inputs which allows a malicious user to inject and execute arbitrary JavaScript code...

CVSS 9.9, AI score 3.8, EPSS 0.00378
Exploits 0, References 4, Affected Software 3