267 matches found
KubePi JwtSigKey - Admin Authentication Bypass
KubePi is a k8s panel. The JWT authentication function of KubePi through version 1.6.2 uses a hard-coded JwtSigKey, so all online projects share the same JwtSigKey. This means that an attacker can forge any JWT token to take over the administrator account of any online project. Furthermor...
Ingress-Nginx Controller - Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: docker-compose, kubescape, k8ssandra-client, xeol, datadog-agent, kargo, steampipe, zarf, docker-cli-buildx, kots, newrelic-infrastructure-agent, helm-mapkubeapis, rancher-agent, opa, opa-envoy, eksctl, scorecard, spegel, wolfictl, k9s, ctop, rancher, helm-push,...
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: docker-compose, kubescape, k8ssandra-client, xeol, datadog-agent, kargo, steampipe, zarf, docker-cli-buildx, kots, newrelic-infrastructure-agent, helm-mapkubeapis, rancher-agent, opa, opa-envoy, eksctl, scorecard, spegel, wolfictl, k9s, ctop, rancher, helm-push,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: scorecard, headlamp-fips, spegel, consul-k8s-fips, k3s, zarf-fips, helm-exporter, trivy, kube-arangodb-fips, cg, helm-operator, k9s, kargo, opa-envoy, tigera-operator-fips, kube-mgmt-fips, k8ssandra-client, helm, newrelic-infrastructure-agent-fips,...
CLEANSTART-2026-CR27895 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 4.3.5-r0
Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-UV23635 Security fixes for CVE-2026-44431, CVE-2026-44432 applied in versions: 4.3.3-r0
Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-VU08393 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2025-47911, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.6.1-r0, 2.6.1-r1, 2.6.1-r7, 2.6.1-r8, 2.6.1-r9
Multiple security vulnerabilities affect the opensearch-k8s-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-41898 vulnerabilities
Vulnerabilities for packages: rustup, deno, valkey-ldap, ztunnel-fips, guestproxyagent, rpm-sequoia, sccache, sqlx, bootc, vector, sentry-cli, komodo, rustls-openssl-client, typst, sdp-k8s-injector...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: thanos-receive-controller-fips, fleet-server-fips, consul-k8s-fips, crossplane-provider-sql-fips, dataplaneapi-fips, crossplane-provider-aws-secretsmanager, tetragon-fips, nerdctl-fips, step-issuer-fips, flux-image-reflector-controller-fips, kubevirt-cdi-uploadserver...
ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=3.0.0.5 <=3.46.0.1) +44 more potentially affected by CVE-2026-3960 via ai.h2o:h2o-core (>=3.0.0.12 <=3.46.0.1)
ai.h2o:h2o-core MAVEN version =3.0.0.12, =3.34.0.1, =3.0.0.5, =3.0.0.5, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2026-3960 Source advisory: SNYK:JAVA-AIH2O-16417170...
CVE-2026-41678 vulnerabilities
Vulnerabilities for packages: rustup, deno, valkey-ldap, ztunnel-fips, guestproxyagent, rpm-sequoia, sccache, sqlx, bootc, vector, sentry-cli, komodo, rustls-openssl-client, typst, sdp-k8s-injector...
GHSA-XMGF-HQ76-4VX2 vulnerabilities
Vulnerabilities for packages: rustup, deno, valkey-ldap, ztunnel-fips, guestproxyagent, rpm-sequoia, sccache, sqlx, bootc, vector, sentry-cli, komodo, rustls-openssl-client, typst, sdp-k8s-injector...
CVE-2026-41681 vulnerabilities
Vulnerabilities for packages: rustup, deno, valkey-ldap, ztunnel-fips, guestproxyagent, rpm-sequoia, sccache, sqlx, bootc, vector, sentry-cli, komodo, rustls-openssl-client, typst, sdp-k8s-injector...
GHSA-HPPC-G8H3-XHP3 vulnerabilities
Vulnerabilities for packages: rustup, deno, valkey-ldap, ztunnel-fips, guestproxyagent, rpm-sequoia, sccache, sqlx, bootc, vector, sentry-cli, komodo, rustls-openssl-client, typst, sdp-k8s-injector...
CVE-2026-41676 vulnerabilities
Vulnerabilities for packages: rustup, deno, valkey-ldap, ztunnel-fips, guestproxyagent, rpm-sequoia, sccache, sqlx, bootc, vector, sentry-cli, komodo, rustls-openssl-client, typst, sdp-k8s-injector...
CVE-2026-41677 vulnerabilities
Vulnerabilities for packages: rustup, deno, valkey-ldap, ztunnel-fips, guestproxyagent, rpm-sequoia, sccache, sqlx, bootc, vector, sentry-cli, komodo, rustls-openssl-client, typst, sdp-k8s-injector...
GHSA-8C75-8MHR-P7R9 vulnerabilities
Vulnerabilities for packages: rustup, deno, valkey-ldap, ztunnel-fips, guestproxyagent, rpm-sequoia, sccache, sqlx, bootc, vector, sentry-cli, komodo, rustls-openssl-client, typst, sdp-k8s-injector...
GHSA-GHM9-CR32-G9QJ vulnerabilities
Vulnerabilities for packages: rustup, deno, valkey-ldap, ztunnel-fips, guestproxyagent, rpm-sequoia, sccache, sqlx, bootc, vector, sentry-cli, komodo, rustls-openssl-client, typst, sdp-k8s-injector...
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: kubescape, k8ssandra-client, datadog-agent, hubble, kargo, zarf, cilium-cli, docker-cli-buildx, kots, falcoctl, rancher-agent, k8sgpt-operator, dynamic-localpv-provisioner, argo-rollouts, eksctl, cluster-api, rancher-fleet, k9s, rancher, redis-operator, istio,...