269 matches found

Nuclei
added yesterday, 42 views

KubePi JwtSigKey - Admin Authentication Bypass

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

9.8 CVSS, 7.3 AI score, 0.69667 EPSS
Exploits: 1, References: 5

Chainguard
added 3 days ago, 4 views

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, node-feature-discovery-fips, sriov-network-device-plugin-fips, gpu-operator-fips, cadvisor, sriov-network-device-plugin, nvidia-container-toolkit, prometheus-podman-exporter, podman-fips, k8s-device-plugin, buildah-fips, rancher,...

5.8 AI score
Exploits: 0

Wolfi
added 3 days ago, 5 views

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: cadvisor, rancher, k8s-device-plugin, rancher-agent, sriov-network-device-plugin, node-feature-discovery, nvidia-container-toolkit...

5.8 AI score
Exploits: 0

Chainguard
added 3 days ago, 6 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: chainctl-fips, drone-fips, google-cloud-otel-ops-collector, cadvisor-fips, gitlab-runner, aws-iam-authenticator-fips, azurefile-csi-fips, aws-ebs-csi-driver, chainctl, gitlab-operator-fips, kcp, ory-kratos, spicedb, flux-notification-controller, azurefile-csi,...

5.3 CVSS, 5.8 AI score, 0.00237 EPSS
Exploits: 0

Nuclei
added 2026/06/16 7:13 a.m., 260 views

Ingress-Nginx Controller - Remote Code Execution

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

9.8 CVSS, 7.9 AI score, 0.99098 EPSS
Exploits: 20, References: 5

Wolfi
added 2026/05/22 7:48 p.m., 22 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: trivy, opa-envoy, helm-set-status, neuvector-scanner, docker, kube-arangodb, ctop, xeol, grype, k3s, syft, zot, zarf, linkerd2, manifest-tool, kargo, kubescape-operator, kubevela, gatekeeper, rancher-agent, k9s, rancher-helm, datadog-agent, helm-push, opa, consul-k8s...

5.8 AI score, 0.00019 EPSS
Exploits: 1

Wolfi
added 2026/05/22 7:48 p.m., 24 views

GHSA-FQW6-GF59-QR4W vulnerabilities

Vulnerabilities for packages: trivy, opa-envoy, helm-set-status, neuvector-scanner, docker, kube-arangodb, ctop, xeol, grype, k3s, syft, zot, zarf, linkerd2, manifest-tool, kargo, kubescape-operator, kubevela, gatekeeper, rancher-agent, k9s, rancher-helm, datadog-agent, helm-push, opa, consul-k8s...

5.8 AI score
Exploits: 0

Chainguard
added 2026/05/22 7:17 p.m., 12 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: chainctl-fips, envoy-gateway-fips, kube-arangodb-fips, tigera-operator, chainctl, k8ssandra-client, grype, kube-mgmt, kargo, opa-envoy, helm-operator, kube-arangodb, osv-scanner, headlamp, skaffold-fips, kubescape-server-fips, docker-cli-buildx-fips,...

5.8 AI score, 0.00019 EPSS
Exploits: 1

vulnersOsv
added 2026/05/21 4:36 p.m., 4 views

org.open-metadata:openmetadata-dist (>=0.12.1 <=DEMO_BETA1), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.12.3) +2 more potentially affected by CVE-2026-46481 via org.open-metadata:openmetadata-service (>=DEMO_BETA1 <=1.12.3)

org.open-metadata:openmetadata-service MAVEN version =DEMOBETA1, =0.12.1, =1.12.0, =1.10.0, =1.12.3 - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2026-46481 Source advisory: OSV:GHSA-9VMH-WHC4-7PHG...

8.3 CVSS, 5.4 AI score, 0.00241 EPSS
Exploits: 0

OSV
added 2026/05/18 1:34 p.m., 5 views

CLEANSTART-2026-CR27895 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 4.3.5-r0

Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...

8.7 CVSS, 5.8 AI score, 0.00609 EPSS
Exploits: 2, References: 7

OSV
added 2026/05/18 1:24 p.m., 3 views

CLEANSTART-2026-UV23635 Security fixes for CVE-2026-44431, CVE-2026-44432 applied in versions: 4.3.3-r0

Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...

8.9 CVSS, 5.8 AI score, 0.00483 EPSS
Exploits: 0, References: 5

OSV
added 2026/05/18 1:20 p.m., 6 views

CLEANSTART-2026-VU08393 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2025-47911, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.6.1-r0, 2.6.1-r1, 2.6.1-r7, 2.6.1-r8, 2.6.1-r9

Multiple security vulnerabilities affect the opensearch-k8s-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS, 6.9 AI score, 0.00765 EPSS
Exploits: 5, References: 81

Chainguard
added 2026/05/06 7:17 p.m., 9 views

CVE-2026-41898 vulnerabilities

Vulnerabilities for packages: sqlx, deno, guestproxyagent, rustup, rpm-sequoia, sentry-cli, ztunnel-fips, rustls-openssl-client, sdp-k8s-injector, valkey-ldap, typst, bootc, komodo, sccache, vector...

9.8 CVSS, 5.8 AI score, 0.00412 EPSS
Exploits: 0

Chainguard
added 2026/04/25 7:17 p.m., 4 views

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: gitlab-runner, argocd-image-updater, crossplane-provider-gitlab-fips, kyverno-policy-reporter-plugins-trivy-fips, rancher-machine, go-discover, gitlab-operator-fips, crossplane-provider-azure-portal, trident, crossplane-provider-aws-cloudtrail-fips,...

5.8 AI score
Exploits: 0

vulnersOsv
added 2026/04/24 2:1 a.m., 6 views

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=3.0.0.5 <=3.46.0.1) +44 more potentially affected by CVE-2026-3960 via ai.h2o:h2o-core (>=3.0.0.12 <=3.46.0.1)

ai.h2o:h2o-core MAVEN version =3.0.0.12, =3.34.0.1, =3.0.0.5, =3.0.0.5, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2026-3960 Source advisory: SNYK:JAVA-AIH2O-16417170...

9.8 CVSS, 6.5 AI score, 0.00938 EPSS
Exploits: 1

Chainguard
added 2026/04/23 7:27 p.m., 5 views

GHSA-XMGF-HQ76-4VX2 vulnerabilities

Vulnerabilities for packages: sqlx, deno, guestproxyagent, rustup, rpm-sequoia, sentry-cli, ztunnel-fips, rustls-openssl-client, sdp-k8s-injector, valkey-ldap, typst, bootc, komodo, sccache, vector...

5.8 AI score
Exploits: 0

Chainguard
added 2026/04/23 7:27 p.m., 8 views

GHSA-HPPC-G8H3-XHP3 vulnerabilities

Vulnerabilities for packages: sqlx, deno, guestproxyagent, rustup, rpm-sequoia, sentry-cli, ztunnel-fips, rustls-openssl-client, sdp-k8s-injector, valkey-ldap, typst, bootc, komodo, sccache, vector...

5.8 AI score
Exploits: 0

Chainguard
added 2026/04/23 7:27 p.m., 7 views

GHSA-GHM9-CR32-G9QJ vulnerabilities

Vulnerabilities for packages: sqlx, deno, guestproxyagent, rustup, rpm-sequoia, sentry-cli, ztunnel-fips, rustls-openssl-client, sdp-k8s-injector, valkey-ldap, typst, bootc, komodo, sccache, vector...

5.8 AI score
Exploits: 0

Chainguard
added 2026/04/23 7:27 p.m., 4 views

GHSA-8C75-8MHR-P7R9 vulnerabilities

Vulnerabilities for packages: sqlx, deno, guestproxyagent, rustup, rpm-sequoia, sentry-cli, ztunnel-fips, rustls-openssl-client, sdp-k8s-injector, valkey-ldap, typst, bootc, komodo, sccache, vector...

5.8 AI score
Exploits: 0

Chainguard
added 2026/04/23 7:27 p.m., 8 views

CVE-2026-41678 vulnerabilities

Vulnerabilities for packages: sqlx, deno, guestproxyagent, rustup, rpm-sequoia, sentry-cli, ztunnel-fips, rustls-openssl-client, sdp-k8s-injector, valkey-ldap, typst, bootc, komodo, sccache, vector...

9.8 CVSS, 5.8 AI score, 0.00294 EPSS
Exploits: 0