Lucene search
K

4 matches found

Snyk
Snyk
added 2026/07/01 8:45 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.00386EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:4 p.m.10 views

MAL-2026-6423 Malicious code in leo-connector-elasticsearch (npm)

The leo-connector-elasticsearch npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6AI score
Exploits0References3
Veracode
Veracode
added 2025/03/20 10:32 a.m.10 views

Unauthorised Access

k8s.io/kubernetes is vulnerable to Unauthorized Access. The vulnerability is due to improper isolation of gitRepo volumes, which allows users with pod creation permissions to access git repositories from other pods on the same node...

6.5CVSS6.5AI score0.00516EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/17 12:0 a.m.5 views

PT-2020-14258 · Helm +2 · Helm +2

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 2.16.11 Helm versions prior to 3.3.2 Description: A Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs...

8.5CVSS6AI score0.01517EPSS
Exploits1References42
Rows per page
Query Builder