350 matches found

Cvelist
added 2024/03/13 8:50 p.m. | 25 views

CVE-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

CVSS 6.4 | AI score 6.6 | EPSS 0.00024 | Exploits 0 | References 3
OSV
added 2024/03/13 8:50 p.m. | 20 views

CVE-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

CVSS 6.4 | AI score 6.4 | EPSS 0.00024 | Exploits 0 | References 5
Cvelist
added 2024/03/13 8:48 p.m. | 23 views

CVE-2024-28175 Cross-site scripting on application summary component in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...

CVSS 9 | AI score 8.6 | EPSS 0.00476 | Exploits 0 | References 2
OSV
added 2024/03/13 8:48 p.m. | 15 views

CVE-2024-28175 Cross-site scripting on application summary component in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...

CVSS 9 | AI score 8.2 | EPSS 0.00476 | Exploits 0 | References 4
Vulnrichment
added 2024/03/13 8:48 p.m. | 14 views

CVE-2024-28175 Cross-site scripting on application summary component in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...

CVSS 9 | AI score 5.8 | EPSS 0.00476 | Exploits 0 | References 2
CVE
added 2024/03/13 8:48 p.m. | 324 views

CVE-2024-28175

CVE-2024-28175 – Argo CD XSS vulnerability. Due to improper URL protocol filtering in the application summary component’s link annotations (link.argocd.argoproj.io), an attacker can inject a javascript: link and trigger cross-site scripting with elevated permissions when a victim clicks it. The i...

CVSS 9 | AI score 8.4 | EPSS 0.00476 | Exploits 0 | References 2 | Affected Software 1
OSV
added 2024/03/06 10:51 a.m. | 15 views

BIT-ARGO-CD-2023-25163

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error...

CVSS 6.5 | AI score 6.5 | EPSS 0.00121 | Exploits 0 | References 4
RedHat Linux
added 2024/02/05 8:41 p.m. | 34 views

Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps 1.10.2 security update

An update is now available for Red Hat OpenShift GitOps v1.10.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.8 | AI score 6.7 | EPSS 0.04027 | Exploits 1 | References 5
RedHat Linux
added 2024/02/05 8:30 p.m. | 42 views

Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.9.4 security update

An update is now available for Red Hat OpenShift GitOps v1.9.4. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.8 | AI score 6.6 | EPSS 0.04027 | Exploits 1 | References 4
RedHat Linux
added 2024/02/05 8:19 p.m. | 36 views

Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps 1.11.1 security update

An update is now available for Red Hat OpenShift GitOps v1.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 8.3 | AI score 7.3 | EPSS 0.00064 | Exploits 1 | References 3
OSV
added 2024/01/19 12:25 a.m. | 19 views

CVE-2024-22424 Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 is vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...

CVSS 8.3 | AI score 8 | EPSS 0.00064 | Exploits 1 | References 5
CVE
added 2024/01/19 12:25 a.m. | 403 views

CVE-2024-22424

CVE-2024-22424 affects Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 (and related 2.7.16 per some advisories). The root cause is failure to validate that requests carry the correct content type, allowing bypass of browser CORS preflight checks and enabling CSRF via cross-origin...

CVSS 8.3 | AI score 8.1 | EPSS 0.00064 | Exploits 1 | References 3 | Affected Software 2
CNNVD
added 2024/01/19 12:0 a.m. | 3 views

ArgoCD Security Vulnerabilities

ArgoCD is a software application: a declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state (e.g., configuration in a Git repository), automatically synchronizing and deploying...

CVSS 8.3 | AI score 6.7 | EPSS 0.00064 | Exploits 1 | References 5
RedHat Linux
added 2023/11/20 8:34 a.m. | 62 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.9.3 security update

An update is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVSS 7.5 | AI score 7 | EPSS 0.944 | Exploits 19 | References 5
RedHat Linux
added 2023/11/20 7:53 a.m. | 40 views

Important: Red Hat Security Advisory: openshift-gitops-kam security update

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7 | EPSS 0.944 | Exploits 19 | References 4
RedHat Linux
added 2023/11/08 2:5 a.m. | 52 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVSS 7.5 | AI score 7.1 | EPSS 0.944 | Exploits 19 | References 4
RedHat Linux
added 2023/11/08 1:10 a.m. | 38 views

Important: Red Hat Security Advisory: openshift-gitops-kam security update

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7.1 | EPSS 0.944 | Exploits 19 | References 4
RedHat Linux
added 2023/11/01 2:8 p.m. | 45 views

Important: Red Hat Security Advisory: openshift-gitops-kam security update

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7.1 | EPSS 0.944 | Exploits 19 | References 2
RedHat Linux
added 2023/10/31 6:22 p.m. | 48 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.1 security update

An update is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5 | AI score 7.1 | EPSS 0.944 | Exploits 19 | References 3
CNVD
added 2023/10/07 12:0 a.m. | 7 views

emlog pro /content/templates/ arbitrary file upload vulnerability

emlog is a lightweight blog and CMS builder based on PHP and MySQL. An arbitrary file upload vulnerability exists in emlog pro /content/templates/, which can be exploited by a remote attacker to submit a special request that can be used to upload a malicious file to execute arbitrary code in the...

CVSS 9.8 | AI score 9.8 | EPSS 0.00443 | Exploits 1 | References 1