Lucene search
K

95 matches found

Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: packer-fips, crossplane-provider-aws-networkmanager, crossplane-provider-aws-organizations, crossplane-provider-azure-signalrservice, spire-server, crossplane-provider-aws-elasticache-fips, grype-db, pulumi-kubernetes-operator, tflint, crossplane-provider-aws-route53...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.14 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: packer-fips, crossplane-provider-aws-networkmanager, crossplane-provider-aws-organizations, crossplane-provider-azure-signalrservice, spire-server, crossplane-provider-aws-elasticache-fips, grype-db, pulumi-kubernetes-operator, tflint, crossplane-provider-aws-route53...

6.1AI score
Exploits0
Patchstack
Patchstack
added 2026/06/24 1:41 p.m.6 views

WordPress Kargo Takip plugin <= 1.2 - Unauthenticated Server-Side Request Forgery vulnerability

Unauthenticated Server-Side Request Forgery vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Kargo Takip versions = 1.2...

7.2CVSS5.8AI score0.0029EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-12095

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS0.0029EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:33 a.m.10 views

CVE-2026-12095

The CVE-2026-12095 entry concerns the WordPress plugin Kargo Takip (versions up to 1.2). It describes an unauthenticated Server-Side Request Forgery (SSRF) via the api_url parameter, enabling an attacker to cause the application to make web requests to arbitrary locations from within the web app....

7.2CVSS6AI score0.0029EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.34 views

CVE-2026-12095 Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS0.0029EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.6 views

CVE-2026-12095

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS6AI score0.0029EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38670

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS6AI score0.0029EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51672

Name of the Vulnerable Software and Affected Versions Kargo Takip versions prior to 1.3 Description The Kargo Takip plugin for WordPress contains a Server-Side Request Forgery SSRF issue. This allows unauthenticated attackers to initiate web requests to arbitrary locations from the web applicatio...

7.2CVSS5.9AI score0.0029EPSS
Exploits0References11
Wolfi
Wolfi
added 2026/06/05 7:48 a.m.19 views

GHSA-VVGJ-X9JQ-8CJ9 vulnerabilities

Vulnerabilities for packages: kyverno-policy-reporter-ui, traefik, ipfs-cluster, prometheus-blackbox-exporter, dkron, spegel, kube-metrics-adapter, frp, k3s, kargo, opentelemetry-operator, q, jitsucom-bulker, kubo, teleport, kyverno-policy-reporter, k8sgateway, coredns, kubernetes-dns-node-cache...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/05 7:48 a.m.17 views

CVE-2026-40898 vulnerabilities

Vulnerabilities for packages: kyverno-policy-reporter-ui, traefik, ipfs-cluster, prometheus-blackbox-exporter, dkron, spegel, kube-metrics-adapter, frp, k3s, kargo, opentelemetry-operator, q, jitsucom-bulker, kubo, teleport, kyverno-policy-reporter, k8sgateway, coredns, kubernetes-dns-node-cache...

7.5CVSS6.1AI score0.00279EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.11 views

CVE-2026-42350

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

5.1CVSS5.7AI score0.00239EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/05/12 7:48 a.m.16 views

GHSA-389R-GV7P-R3RP vulnerabilities

Vulnerabilities for packages: snyk-cli, pulumi-language-yaml, trufflehog, crossplane, rancher-fleet, terragrunt, kubescape, xeol, flux-source-controller, flux-image-automation-controller, nuclei, gomplate, wolfictl, gitaly, scorecard, apko, external-secrets-operator, grafana, grafana-alloy,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/05/12 7:19 a.m.35 views

CVE-2026-45022 vulnerabilities

Vulnerabilities for packages: kubevela, packer-fips, src-fingerprint, tfsec, zarf-fips, xeol, osv-scanner, k9s-fips, argocd-image-updater, grype-db, pulumi-kubernetes-operator, trivy-fips, argo-events, apko, melange, cloudbeat, amazon-ssm-agent, external-secrets-operator, nuclei, trufflehog-fips,...

7.5CVSS6.1AI score0.00159EPSS
Exploits0
NVD
NVD
added 2026/05/08 11:16 p.m.15 views

CVE-2026-42350

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

5.1CVSS0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 10:35 p.m.11 views

EUVD-2026-28857

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

5.1CVSS5.7AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 10:35 p.m.22 views

CVE-2026-42350

Kargo Open Redirect in UI OIDC Login Flow (CVE-2026-42350). Affected versions: prior to 1.7.10, 1.8.13, 1.9.8, and 1.10.2. Root cause: open redirect via the redirectTo query parameter in the UI OIDC login flow. Impact: describes an open redirect vulnerability with potential to redirect users to e...

5.1CVSS5.7AI score0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 10:35 p.m.8 views

CVE-2026-42350

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

5.1CVSS5.7AI score0.00239EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 10:35 p.m.10 views

CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

5.1CVSS5.7AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 10:35 p.m.34 views

CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

5.1CVSS0.00239EPSS
Exploits0References1
Rows per page
Query Builder