Lucene search
K

46 matches found

Chainguard
Chainguard
added 2026/06/26 8:22 p.m.6 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: argocd-image-updater, kots, kubescape, helm, kaf, frankenphp-8.2, prometheus-mongodb-exporter, istio, trivy-operator-fips, cloud-provider-aws, commercial-grafana, kubernetes, osv-scanner, argo-workflows, calico-fips, gitlab-rails-ce-fips, traefik-fips, frankenphp-8.4...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/08 3:6 p.m.25 views

CLEANSTART-2026-VX15911 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS5.8AI score0.93305EPSS
Exploits11References111
OSV
OSV
added 2026/06/08 3:2 p.m.5 views

CLEANSTART-2026-XV65906 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.6AI score0.93305EPSS
Exploits11References111
OSV
OSV
added 2026/06/08 12:50 p.m.8 views

CLEANSTART-2026-JL47330 Security fixes for CVE-2025-22868, CVE-2025-47911, CVE-2025-47912, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-27145, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42507, CVE-2026-46598 applied in versions: 2.15.0-r0, 2.15.0-r1, 2.15.0-r2, 2.15.0-r3, 2.16.0-r3

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.6AI score0.01945EPSS
Exploits7References101
OSV
OSV
added 2026/04/10 12:56 a.m.9 views

CLEANSTART-2026-NG75665 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the kube-state-metrics package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...

9.8CVSS6.8AI score0.01945EPSS
Exploits7References59
OSV
OSV
added 2026/04/10 12:51 a.m.19 views

CLEANSTART-2026-BM53321 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the kube-state-metrics package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

9.8CVSS6.8AI score0.01945EPSS
Exploits7References61
OSV
OSV
added 2026/04/10 12:45 a.m.6 views

CLEANSTART-2026-QN98167 html

Multiple security vulnerabilities affect the kube-state-metrics package. The html. See references for individual vulnerability details...

9.8CVSS6.9AI score0.01557EPSS
Exploits4References38
Wolfi
Wolfi
added 2026/04/09 1:48 p.m.49 views

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: op-geth, external-dns, kubernetes-dns-node-cache, litestream, spicedb, pulumi-language-dotnet, kubernetes-csi-node-driver-registrar, kube-logging-operator, velero, cortex, witness, helm-operator, chartmuseum, hydra, crossplane-provider-aws-rds, vault-env,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/09 1:48 p.m.17 views

CVE-2026-39883 vulnerabilities

Vulnerabilities for packages: op-geth, external-dns, kubernetes-dns-node-cache, litestream, spicedb, pulumi-language-dotnet, kubernetes-csi-node-driver-registrar, kube-logging-operator, velero, cortex, witness, helm-operator, chartmuseum, hydra, crossplane-provider-aws-rds, vault-env,...

8.8CVSS6.9AI score0.0022EPSS
Exploits1
Chainguard
Chainguard
added 2026/04/09 1:18 p.m.11 views

CVE-2026-39883 vulnerabilities

Vulnerabilities for packages: k8s-agents-operator-fips, cluster-api-gcp-controller, kaniko, onepassword-operator, rekor, cluster-api-provider-vsphere, gitlab-kas-fips, percona-server-mongodb-operator, opentelemetry-operator-fips, jaeger-operator-fips, tkn, crossplane-provider-azure-resources,...

8.8CVSS6.9AI score0.0022EPSS
Exploits1
Chainguard
Chainguard
added 2026/04/09 1:18 p.m.13 views

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: k8s-agents-operator-fips, cluster-api-gcp-controller, kaniko, onepassword-operator, rekor, cluster-api-provider-vsphere, gitlab-kas-fips, percona-server-mongodb-operator, opentelemetry-operator-fips, jaeger-operator-fips, tkn, crossplane-provider-azure-resources,...

6.1AI score
Exploits0
OSV
OSV
added 2026/04/07 12:44 a.m.6 views

CLEANSTART-2026-EJ93145 attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames

Multiple security vulnerabilities affect the kube-state-metrics package. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. See references for individual vulnerability details...

9.8CVSS7.2AI score0.91969EPSS
Exploits3References23
OSV
OSV
added 2026/04/01 9:34 a.m.6 views

CLEANSTART-2026-KK98885 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq applied in versions: 2.18.0-r0

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.8AI score0.00765EPSS
Exploits1References14
OSV
OSV
added 2026/04/01 9:33 a.m.12 views

CLEANSTART-2026-RJ35552 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, ghsa-9h8m-3fm2-qjrq, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 2.17.0-r0, 2.17.0-r1, 2.18.0-r1

Multiple security vulnerabilities affect the kube-state-metrics-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5CVSS7.2AI score0.00459EPSS
Exploits2References10
OSV
OSV
added 2026/01/30 3:3 p.m.8 views

CLEANSTART-2026-RJ88561 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References9
OSV
OSV
added 2026/01/30 3:3 p.m.9 views

CLEANSTART-2026-LP38773 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References7
OSV
OSV
added 2026/01/30 3:3 p.m.14 views

CLEANSTART-2026-VL83369 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References9
OSV
OSV
added 2026/01/30 3:3 p.m.15 views

CLEANSTART-2026-PI00621 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00459EPSS
Exploits2References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3542

Malicious code in bioql PyPI...

6.5CVSS5.8AI score0.0178EPSS
Exploits1References8
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.63 views

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: nri-couchbase, crossplane-provider-azure, fq, go-bindata, nri-f5, flux-image-automation-controller, external-dns, kubernetes-dns-node-cache, nri-elasticsearch, nri-rabbitmq, amass, kube-logging-operator, velero, cortex, nodetaint, q, pombump, helm-operator,...

6.1AI score
Exploits0
Rows per page
Query Builder