15 matches found
Embedded Malicious Code
Overview kube-health-tools is a Lightweight Kubernetes node health diagnostics Affected versions of this package are vulnerable to Embedded Malicious Code that target Kubernetes environments by install a full LLM proxy service on the victim's machine, allowing the attacker to route LLM traffic...
CVE-2026-35205
A flaw was found in Helm, a package manager for Kubernetes. A remote attacker could exploit this vulnerability by providing a malicious plugin that lacks a provenance file. Even when signature verification is enabled, Helm would incorrectly install this unverified plugin, bypassing critical...
Exploit for CVE-2025-1974
Kubernetes Ingress-NGINX 인증되지 않은 원격 코드 실행CVE-2025-1974 Ingr...
GHSA-44F7-5FJ5-H4PX Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Impact In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry ACR. The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure...
CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...
Deploy API Security On-Premises with New Imperva API Security Anywhere Self-Managed Option
API Security Anywhere Self-Managed Option Imperva continues to deliver solutions that help customers protect their applications and APIs, whether in the Cloud, on-premises, or in a hybrid environment. Imperva API Security includes a SaaS-based and an on-premises solution, both managed in the...
CVE-2022-34321
Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...
Prometheus API Information Gather
This module utilizes Prometheus' API calls to gather information about the server's configuration, and targets. Fields which may contain credentials, or credential file names are then pulled out and printed. Targets may have a wealth of information, this module will print the following values whe...
The vulnerability of the application deployment automation tool in Kubernetes ArgoCD, related to uncontrolled resource consumption, allows a malicious actor to trigger service failures.
The vulnerability of the application deployment automation tool in Kubernetes ArgoCD is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to trigger service failures remotely...
CVE-2020-13327
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments...
CVE-2020-13327
Removed by vendor...
Design/Logic Flaw
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's...
CVE-2020-4062 Improper Access Control in Conjur OSS Helm Chart
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's...
Choose the right ingress controller for your Kubernetes environment
Choosing the right ingress controller can help you ensure the right infrastructure, direction, and level of customization. Get the information about ingress controllers you need. The post Choose the right ingress controller for your Kubernetes environment appeared first on Wallarm Blog...
Choose the right ingress controller for your Kubernetes environment
Choosing the right ingress controller can help you ensure the right infrastructure, direction, and level of customization. Get the information about ingress controllers you need. The post Choose the right ingress controller for your Kubernetes environment appeared first on Wallarm Blog...