6 matches found

Cvelist
added 2026/02/20 10:38 p.m., 20 views

CVE-2026-27133 Strimzi All CAs from CA chain will be trusted in Kafka Connect and Kafka MirrorMaker 2 target clusters

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a Kafka Connect opera...

CVSS 5.9, EPSS 0.00012
Exploits 0, References 2

Snyk
added 2026/02/20 10:38 p.m., 2 views

Improper Following of a Certificate's Chain of Trust

Overview: Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust in the Kafka Connect and MirrorMaker 2 operands with multiple CA certificates. An attacker can gain unauthorized access by presenting a server certificate signed by any CA in the chai...

CVSS 7.4, AI score 5.9, EPSS 0.00012
Exploits 0, References 2

OSV
added 2026/02/20 10:38 p.m., 2 views

CVE-2026-27133 Strimzi All CAs from CA chain will be trusted in Kafka Connect and Kafka MirrorMaker 2 target clusters

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a Kafka Connect opera...

CVSS 5.9, AI score 5.5, EPSS 0.00012
Exploits 0, References 4

RedhatCVE
added 2025/12/06 6:44 p.m., 2 views

CVE-2025-66623

A flaw was found in Strimzi. This vulnerability allows unauthorized GET access to all Kubernetes (K8s) Secrets that exist in the given Kubernetes (K8s) namespace via incorrect Kubernetes (K8s) Role creation. Mitigation: Mitigation for this issue is either not available or the currently available options...

CVSS 7.4, AI score 5.8, EPSS 0.00023
Exploits 0, References 5

Snyk
added 2025/12/05 10:2 p.m., 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the process that creates Kubernetes Role bindings. An attacker can access sensitive information by executing GET requests in affected Pods using their Service Account to retrieve any Secret from the same...

CVSS 8.3, AI score 6.8, EPSS 0.00023
Exploits 0, References 2

Cvelist
added 2025/12/05 6:31 p.m., 14 views

CVE-2025-66623 Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands th...

CVSS 7.4, EPSS 0.00023
Exploits 0, References 2