Lucene search
K

7 matches found

OSV
OSV
added last week4 views

PYSEC-2026-1144 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

6.5CVSS6.5AI score0.00381EPSS
Exploits0References9
OSV
OSV
added 2026/05/28 6:30 p.m.2 views

GHSA-3M4Q-GGCJ-J6M4 Calico Inserts Sensitive Information into Log File

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

7.2CVSS5.8AI score0.00224EPSS
Exploits0References9
The Hacker News
The Hacker News
added 2026/05/08 11:0 a.m.17 views

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

A previously undocumented Linux implant codenamed Quasar Linux RAT QLNX is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and...

6.1AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 6:31 a.m.7 views

io.mosip.kernel:kernel-config-server (>=1.2.1-rc1 <=1.3.1-rc.1), org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=7.0.0 <=7.1.6.2) +5 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.1.0, =1.2.1-rc1, =7.0.0, =7.0.0, =4.1.0, =3.1.0, =3.1.6 Source cves: CVE-2026-41004 Source advisory: OSV:GHSA-J6HH-H3CF-C2HF...

4.4CVSS5.4AI score0.00168EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 6:31 a.m.9 views

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +6 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.2.0 <=4.2.4)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.2.0, =0.0.1, =1.0.0, =3.0.9, =0.1.41-Beta, =7.2.0, =7.2.0, =4.2.0, =3.2.0, =3.2.3 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...

9.1CVSS5.8AI score0.00727EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.7 views

PT-2024-14253

Name of the Vulnerable Software and Affected Versions Airflow versions 5.2.0 through 6.x Airflow versions 2.3.0 through 2.6.0 Description The Airflow worker serializes a Kubernetes configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption wh...

6.5CVSS6.6AI score0.00381EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2020/04/24 12:0 a.m.3 views

PT-2020-12493 · Helm +1 · Helm +1

Name of the Vulnerable Software and Affected Versions: Helm versions 3.0.0 through 3.1.2 Description: There is an information disclosure issue in Helm. The lookup template function, introduced in Helm v3, can lookup resources in the cluster to check for the existence of specific resources and get...

8.5CVSS4.6AI score0.01517EPSS
Exploits1References22
Rows per page
Query Builder