Lucene search
K

46 matches found

Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: mattermost, upwind-agent, chisel-fips, nemo, gitlab-rails-ce, kine, telegraf, kube-arangodb-fips, opentelemetry-collector, cloud-provider-aws, knative-serving-fips, zot, frankenphp-8.5, kubescape, kubescape-server-fips, frankenphp-8.4, minio-fips, opentofu-fips,...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/08 3:6 p.m.25 views

CLEANSTART-2026-VX15911 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS5.8AI score0.93305EPSS
Exploits11References111
OSV
OSV
added 2026/06/08 3:2 p.m.5 views

CLEANSTART-2026-XV65906 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.6AI score0.93305EPSS
Exploits11References111
OSV
OSV
added 2026/06/08 12:50 p.m.8 views

CLEANSTART-2026-JL47330 Security fixes for CVE-2025-22868, CVE-2025-47911, CVE-2025-47912, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-27145, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42507, CVE-2026-46598 applied in versions: 2.15.0-r0, 2.15.0-r1, 2.15.0-r2, 2.15.0-r3, 2.16.0-r3

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.6AI score0.01945EPSS
Exploits7References101
OSV
OSV
added 2026/04/10 12:56 a.m.9 views

CLEANSTART-2026-NG75665 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the kube-state-metrics package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...

9.8CVSS6.8AI score0.01945EPSS
Exploits7References59
OSV
OSV
added 2026/04/10 12:51 a.m.19 views

CLEANSTART-2026-BM53321 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the kube-state-metrics package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

9.8CVSS6.8AI score0.01945EPSS
Exploits7References61
OSV
OSV
added 2026/04/10 12:45 a.m.6 views

CLEANSTART-2026-QN98167 html

Multiple security vulnerabilities affect the kube-state-metrics package. The html. See references for individual vulnerability details...

9.8CVSS6.9AI score0.01557EPSS
Exploits4References38
Wolfi
Wolfi
added 2026/04/09 1:48 p.m.24 views

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver, cadvisor, sftpgo, harbor-cli, crossplane-provider-aws-iam, fluent-operator, aws-otel-collector, kuberay-operator, cluster-api-gcp-controller, external-dns, podinfo, crossplane-provider-azure-sql, grafana-alloy, cluster-autoscaler,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/09 1:48 p.m.16 views

CVE-2026-39883 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver, cadvisor, sftpgo, harbor-cli, crossplane-provider-aws-iam, fluent-operator, aws-otel-collector, kuberay-operator, cluster-api-gcp-controller, external-dns, podinfo, crossplane-provider-azure-sql, grafana-alloy, cluster-autoscaler,...

8.8CVSS6.9AI score0.0022EPSS
Exploits1
Chainguard
Chainguard
added 2026/04/09 1:18 p.m.11 views

CVE-2026-39883 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-elbv2-fips, azcopy-fips, istio-fips, opencost-fips, tflint, tflint-fips, k6-fips, gotrue-fips, grafana-beyla, crossplane-provider-aws-ecr-fips, envoy-gateway, gitlab-pages-fips, crossplane-provider-aws-imagebuilder, kine, kaniko, coredns,...

8.8CVSS6.9AI score0.0022EPSS
Exploits1
Chainguard
Chainguard
added 2026/04/09 1:18 p.m.13 views

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-elbv2-fips, azcopy-fips, istio-fips, opencost-fips, tflint, tflint-fips, k6-fips, gotrue-fips, grafana-beyla, crossplane-provider-aws-ecr-fips, envoy-gateway, gitlab-pages-fips, crossplane-provider-aws-imagebuilder, kine, kaniko, coredns,...

6.1AI score
Exploits0
OSV
OSV
added 2026/04/07 12:44 a.m.6 views

CLEANSTART-2026-EJ93145 attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames

Multiple security vulnerabilities affect the kube-state-metrics package. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. See references for individual vulnerability details...

9.8CVSS7.2AI score0.91969EPSS
Exploits3References23
OSV
OSV
added 2026/04/01 9:34 a.m.6 views

CLEANSTART-2026-KK98885 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq applied in versions: 2.18.0-r0

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.8AI score0.00765EPSS
Exploits1References14
OSV
OSV
added 2026/04/01 9:33 a.m.10 views

CLEANSTART-2026-RJ35552 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, ghsa-9h8m-3fm2-qjrq, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 2.17.0-r0, 2.17.0-r1, 2.18.0-r1

Multiple security vulnerabilities affect the kube-state-metrics-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5CVSS7.2AI score0.00459EPSS
Exploits2References10
OSV
OSV
added 2026/01/30 3:3 p.m.8 views

CLEANSTART-2026-RJ88561 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References9
OSV
OSV
added 2026/01/30 3:3 p.m.14 views

CLEANSTART-2026-VL83369 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References9
OSV
OSV
added 2026/01/30 3:3 p.m.9 views

CLEANSTART-2026-LP38773 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References7
OSV
OSV
added 2026/01/30 3:3 p.m.13 views

CLEANSTART-2026-PI00621 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00459EPSS
Exploits2References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3542

Malicious code in bioql PyPI...

6.5CVSS5.8AI score0.0178EPSS
Exploits1References8
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.63 views

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: cadvisor, flannel-cni-plugin, lazygit, terraform, http-echo, clusterctl, hubble-ui, esbuild, kuberay-operator, logstash-exporter, external-dns, nri-f5, oras, aws-flb-kinesis, kubeadm-controlplane-controller, mongo-tools, timoni, task, kube-bench, nuclei,...

6.1AI score
Exploits0
Rows per page
Query Builder