11 matches found
CLEANSTART-2026-NN42198 Security fixes for CVE-2024-35195, CVE-2024-47081, CVE-2025-8869, CVE-2026-1703, CVE-2026-25645, CVE-2026-3219, CVE-2026-44431, CVE-2026-44432, CVE-2026-45409, CVE-2026-48710, CVE-2026-6357, ghsa-58qw-9mgm-455v, ghsa-65pc-fj4g-8rjx, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 1.25.2-r0, 2.2.3-r0, 2.2.3-r1
Multiple security vulnerabilities affect the k8s-sidecar package. These issues are resolved in later releases. See references for individual vulnerability details...
PT-2026-46857
Impact Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g., following the production Docker example in the README, this is exploitable from the local network without...
CVE-2026-23490 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, airflow, kubeflow-katib, open-webui, kubeflow-jupyter-web-app, k8s-sidecar, py3-cassandra-medusa, kserve, kubeflow-volumes-web-app, mlflow, kubeflow-pipelines, dask-kubernetes, superset...
GHSA-63VM-454H-VHHQ vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, airflow, kubeflow-katib, open-webui, kubeflow-jupyter-web-app, k8s-sidecar, py3-cassandra-medusa, kserve, kubeflow-volumes-web-app, mlflow, kubeflow-pipelines, dask-kubernetes, superset...
CVE-2026-23490 vulnerabilities
Vulnerabilities for packages: kserve, ansible-operator, kubeflow-katib, localstack, spamcheck, pgadmin4, airflow, kubeflow-pipelines-visualization-server, litellm, k8s-sidecar, authentik, kubeflow-pipelines, authentik-fips, open-webui, superset, kubeflow-volumes-web-app,...
GHSA-63VM-454H-VHHQ vulnerabilities
Vulnerabilities for packages: kserve, ansible-operator, kubeflow-katib, localstack, spamcheck, pgadmin4, airflow, kubeflow-pipelines-visualization-server, litellm, k8s-sidecar, authentik, kubeflow-pipelines, authentik-fips, open-webui, superset, kubeflow-volumes-web-app,...
GHSA-7F5H-V6XP-FCQ8 vulnerabilities
Vulnerabilities for packages: open-webui, k8s-sidecar, reflex, kserve, mlflow...
CVE-2025-62727 vulnerabilities
Vulnerabilities for packages: open-webui, k8s-sidecar, reflex, kserve, mlflow...
GHSA-7F5H-V6XP-FCQ8 vulnerabilities
Vulnerabilities for packages: reflex, mlflow, airflow-core, kserve, open-webui, airflow, k8s-sidecar, nemo...
CVE-2025-62727 vulnerabilities
Vulnerabilities for packages: reflex, mlflow, airflow-core, kserve, open-webui, airflow, k8s-sidecar, nemo...
Multiple Kubernetes Sidecar Containers CVE-2019-11255 Unauthorized Access Vulnerability
Description Multiple Kubernetes Sidecar Containers are prone to an unauthorized access vulnerability. An attacker can exploit this issue to gain unauthorized access and perform unintended actions. This may lead to further attacks. Technologies Affected Kubernetes external-provisioner 0.4.1...