12 matches found

Snyk
added 2026/05/04 8:12 p.m. · 4 views

Insufficiently Protected Credentials

Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the logging process. An attacker can obtain sensitive artifact repository credentials by accessing workflow pod logs. This is only exploitable if the attacker has Kubernetes RBAC permissions to...

8.5 CVSS · 5.8 AI score · 0.00046 EPSS
Exploits: 1 · References: 2

Wolfi
added 2026/03/03 7:48 a.m. · 4 views

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-cloudfront, cilium-cli, mattermost, crossplane-provider-aws-iam, harbor, opa-envoy, chezmoi, k3s, datadog-agent, caddy, pulumi, gitlab-pages, crossplane-provider-aws-sns, gitlab-runner, cluster-api-azure-controller, kubo, external-dns,...

5.2 AI score
Exploits: 0

OSV
added 2025/12/05 6:31 p.m. · 3 views

CVE-2025-66623 Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands th...

7.4 CVSS · 6.7 AI score · 0.00023 EPSS
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-1718

Malicious code in bioql PyPI...

9.9 CVSS · 9.2 AI score · 0.00222 EPSS
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-16305

Malicious code in bioql PyPI...

5.4 CVSS · 5.5 AI score · 0.00128 EPSS
Exploits: 0 · References: 3

NVD
added 2025/05/27 9:15 p.m. · 8 views

CVE-2025-5198

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This obje...

5.4 CVSS · 0.00128 EPSS
Exploits: 0 · References: 3

OSV
added 2025/05/27 9:15 p.m. · 13 views

CVE-2025-5198

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This obje...

5.4 CVSS · 6.1 AI score · 0.00128 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2025/05/27 8:51 p.m. · 8 views

CVE-2025-5198 Stackrox: xss in stackrox

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This obje...

5 CVSS · 4.9 AI score · 0.00128 EPSS
Exploits: 0 · References: 3

Cvelist
added 2025/05/27 8:51 p.m. · 24 views

CVE-2025-5198 Stackrox: xss in stackrox

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This obje...

5 CVSS · 0.00128 EPSS
Exploits: 0 · References: 3

CVE
added 2025/05/27 8:51 p.m. · 55 views

CVE-2025-5198

CVE-2025-5198 describes a Cross-site Scripting (XSS) flaw in Stackrox where the vulnerability can be triggered if script code is placed in a small subset of table cells, specifically when contained in the name of a Kubernetes “Role” object applied to a secured cluster. The exploit would require c...

5.4 CVSS · 4.9 AI score · 0.00128 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2025/05/27 12:0 a.m. · 4 views

PT-2025-23036 · Stackrox · Stackrox

Name of the Vulnerable Software and Affected Versions: Stackrox (affected versions not specified). Description: A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the...

5.4 CVSS · 4.7 AI score · 0.00128 EPSS
Exploits: 0 · References: 7

CNNVD
added 2025/05/27 12:0 a.m. · 3 views

StackRox Kubernetes Security Platform cross-site scripting vulnerability

StackRox Kubernetes Security Platform is an open source security platform from StackRox. A cross-site scripting vulnerability exists in StackRox Kubernetes Security Platform that stems from a possible cross-site scripting attack via Kubernetes Role...

5.4 CVSS · 5 AI score · 0.00128 EPSS
Exploits: 0 · References: 2