278 matches found
KubePi JwtSigKey - Admin Authentication Bypass
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...
GHSA-FF52-PH69-CF7X vulnerabilities
Vulnerabilities for packages: kyverno-policy-reporter-ui-fips, actions-runner-controller-fips, gh, dbmate-fips, crossplane-provider-aws-appstream-fips, ko-fips, crossplane-provider-aws-neptune, kong-ingress-controller-fips, grype-fips, cert-manager-openshift-routes-fips,...
GHSA-FF52-PH69-CF7X vulnerabilities
Vulnerabilities for packages: victoriametrics, pgpool2exporter, kubelet-csr-approver, mountpoint-s3-csi-driver, kubevela, spicedb, local-static-provisioner, sealed-secrets, q, blob-csi, dive, cloudnative-pg, infinispan-operator, prometheus-operator, amass, kube-vip, azuredisk-csi, delve,...
GHSA-8XWF-RJM4-XVHV vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, kots, helm-operator-fips, argo-cd-fips, falcoctl, tw, ocm-cli, tigera-operator, cert-manager-cmctl-fips, opentofu, rancher-helm, redpanda-operator, kyverno-notation-aws, helm-operator, zarf-fips, kyverno-fips, k9s-fips, kyverno-notation-aws-fips,...
GHSA-XF85-363P-868W vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, kots, helm-operator-fips, argo-cd-fips, falcoctl, tw, ocm-cli, tigera-operator, cert-manager-cmctl-fips, harvester-fips, opentofu, rancher-helm, redpanda-operator, kyverno-notation-aws, helm-operator, zarf-fips, kyverno-fips, k9s-fips,...
CVE-2026-50162 vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, kots, helm-operator-fips, argo-cd-fips, falcoctl, tw, ocm-cli, tigera-operator, cert-manager-cmctl-fips, opentofu, rancher-helm, redpanda-operator, kyverno-notation-aws, helm-operator, zarf-fips, kyverno-fips, k9s-fips, kyverno-notation-aws-fips,...
GHSA-VH4V-2XQ2-G5CG vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, kots, helm-operator-fips, argo-cd-fips, falcoctl, tw, ocm-cli, tigera-operator, cert-manager-cmctl-fips, opentofu, rancher-helm, redpanda-operator, kyverno-notation-aws, helm-operator, zarf-fips, kyverno-fips, k9s-fips, kyverno-notation-aws-fips,...
GHSA-JXPM-75MH-9FP7 vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, kots, helm-operator-fips, argo-cd-fips, falcoctl, tw, ocm-cli, tigera-operator, cert-manager-cmctl-fips, opentofu, rancher-helm, redpanda-operator, kyverno-notation-aws, helm-operator, zarf-fips, kyverno-fips, k9s-fips, kyverno-notation-aws-fips,...
CVE-2026-50151 vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, kots, helm-operator-fips, argo-cd-fips, falcoctl, tw, ocm-cli, tigera-operator, cert-manager-cmctl-fips, opentofu, rancher-helm, redpanda-operator, kyverno-notation-aws, helm-operator, zarf-fips, kyverno-fips, k9s-fips, kyverno-notation-aws-fips,...
Ingress-Nginx Controller - Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: podman, buildah, cadvisor-fips, k8s-device-plugin, buildah-fips, node-feature-discovery-fips, sriov-network-device-plugin, podman-fips, prometheus-podman-exporter-fips, node-feature-discovery, sriov-network-device-plugin-fips, prometheus-podman-exporter,...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: rancher-agent, buildah, sriov-network-device-plugin, nvidia-container-toolkit, rancher, k8s-device-plugin, podman, cadvisor, node-feature-discovery...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, kube-mgmt-fips, crossplane-provider-azure-synapse, helm-operator-fips, falcoctl, kserve, spire-server, kong-ingress-controller-fips, grype-fips, crossplane-provider-azure-powerbidedicated, cert-manager-openshift-routes-fips, opentofu,...
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: containerd, docker-compose, spegel, grype, envoy-gateway, xeol, k3s, eksctl, linkerd2, zarf, kubescape, gatekeeper, tw, zot, helm, syft, helm-push, trivy-operator, k8ssandra-client, gogatekeeper, wolfictl, manifest-tool, kubevela, docker-cli-buildx, tigera-operator,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: containerd, docker-compose, spegel, grype, envoy-gateway, xeol, k3s, eksctl, linkerd2, zarf, kubescape, gatekeeper, tw, zot, helm, syft, helm-push, trivy-operator, k8ssandra-client, gogatekeeper, wolfictl, manifest-tool, kubevela, docker-cli-buildx, tigera-operator,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: kube-mgmt-fips, kots, helm-operator-fips, tw, tigera-operator, datadog-agent, syft-fips, grype-fips, newrelic-infrastructure-agent-fips, dagger, eks-node-monitoring-agent, newrelic-infrastructure-agent, rancher-helm, redpanda-operator, packer-fips, gitlab-rails-ce,...
org.open-metadata:openmetadata-dist (>=0.12.1 <=DEMO_BETA1), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.12.10) +2 more potentially affected by CVE-2026-46481 via org.open-metadata:openmetadata-service (>=DEMO_BETA1 <=1.12.3)
org.open-metadata:openmetadata-service MAVEN version =DEMOBETA1, =0.12.1, =1.12.0, =1.10.0, =1.12.10 - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2026-46481 Source advisory: OSV:GHSA-9VMH-WHC4-7PHG...
CLEANSTART-2026-CR27895 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 4.3.5-r0
Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-UV23635 Security fixes for CVE-2026-44431, CVE-2026-44432 applied in versions: 4.3.3-r0
Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-VU08393 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2025-47911, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.6.1-r0, 2.6.1-r1, 2.6.1-r7, 2.6.1-r8, 2.6.1-r9
Multiple security vulnerabilities affect the opensearch-k8s-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...