761 matches found
CVE-2026-49838 vulnerabilities
Vulnerabilities for packages: cilium-cli, kube-vip...
GHSA-FRRJ-87JH-2772 vulnerabilities
Vulnerabilities for packages: cilium-cli, kube-vip...
GHSA-FRRJ-87JH-2772 vulnerabilities
Vulnerabilities for packages: kube-vip-fips, kube-vip, cilium-cli...
CVE-2026-49838 vulnerabilities
Vulnerabilities for packages: kube-vip-fips, kube-vip, cilium-cli...
Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code
A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Servi...
CVE-2026-15063
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...
CVE-2026-15063
The CVE-2026-15063 affects the gorch service in the trustyai-service-operator. The issue is that, even with authentication enabled, gorch exposes unproxied orchestrator and detector metrics ports, reachable from any pod on the cluster network. This bypasses kube-rbac-proxy authentication, enablin...
CVE-2026-15063 Trustyai-service-operator: trustyai service operator: gorch port bypass when auth is enabled
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...
CVE-2026-15063
A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...
CVE-2026-44162 vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
GHSA-XV9W-7V6Q-HPJH vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
CVE-2026-44162 vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
GHSA-XV9W-7V6Q-HPJH vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
GHSA-XF85-363P-868W vulnerabilities
Vulnerabilities for packages: kubescape-operator-fips, argocd-image-updater-fips, eksctl, tw, helm-mapkubeapis, trivy-operator, helm-set-status, gogatekeeper, chaos-mesh-fips, envoy-gateway-fips, kubescape-server, kube-mgmt, kyverno, kubescape-operator, ocm-kubernetes-controller, consul-k8s,...
CVE-2026-48978 vulnerabilities
Vulnerabilities for packages: kubescape-operator-fips, argocd-image-updater-fips, eksctl, tw, helm-mapkubeapis, trivy-operator, helm-set-status, gogatekeeper, chaos-mesh-fips, envoy-gateway-fips, kubescape-server, kube-mgmt, kyverno, kubescape-operator, ocm-kubernetes-controller, consul-k8s,...
Malicious code in @marketfront/header (npm)
The @marketfront/header package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.27 security and extras update
Red Hat OpenShift Container Platform release 4.20.27 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a security impact of...
CVE-2026-30405 vulnerabilities
Vulnerabilities for packages: kube-vip-fips, kube-vip, cilium-cli...
GHSA-4P9M-8GC4-RW2H vulnerabilities
Vulnerabilities for packages: kube-vip-fips, kube-vip, cilium-cli...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: mattermost-fips, telegraf, argocd-image-updater-fips, seaweedfs-rocksdb, coder, docker-machine-driver-harvester, mattermost, zitadel, prometheus, frankenphp-8.5, trivy-operator, elastic-agent-fips, cert-manager, argo-workflows-fips, coder-fips, prometheus-fips, harbo...