208 matches found
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope, ipfs-cluster, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, q, k3s, whereabouts, azurefile-csi, incert, smokescreen, nri-f5, spark-operator, hey, mongodb-kubernetes-operator, envconsul,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: neuvector-scanner, nginx-prometheus-exporter, prometheus-pushgateway, grafana-pyroscope, yunikorn-k8shim, dkron, flux-helm-controller, docker-cli, migrate, snyk-cli, step-issuer, gatekeeper, gh, kaf, tofu-controller, terraform, ingress-nginx-controller,...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: age-fips, cluster-api-ipam-provider-in-cluster, jobset-fips, crossplane-provider-aws-cognitoidp-fips, cluster-api-provider-vsphere, json-exporter-fips, docker-compose-fips, kubernetes-csi-external-resizer-fips, kube-logging-operator-custom-runner, gitlab-workhorse-ce...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, minc-fips, pgwatch, jobset-fips, kubernetes-ingress-defaultbackend-fips, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, apache-exporter, nri-mongodb, cluster-api-provider-vsphere, yunikorn-k8shim,...
CLEANSTART-2026-KJ56465 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 5.4.8-r0
Multiple security vulnerabilities affect the neuvector-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-33487 vulnerabilities
Vulnerabilities for packages: dex-fips, omni-fips, mattermost, rancher-agent, rancher, gotrue, commercial-grafana, mattermost-fips, zitadel, neuvector, omni, gotrue-fips, teleport, teleport-operator-fips, dex, neuvector-fips...
CVE-2025-67860
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...
CVE-2025-67860
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...
CVE-2025-67860
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...
CVE-2025-67860 NeuVector scanner insecurely handles passwords as command arguments
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...
CVE-2025-67860
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...
CVE-2025-67860 NeuVector scanner insecurely handles passwords as command arguments
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...
CVE-2025-67860
NeuVector scanner (CVE-2025-67860) is affected: the scanner process accepts registry and controller credentials via command-line arguments, potentially exposing sensitive credentials to local users. Root cause: credentials handled in command-line context. Impact: limited confidentiality risk (Low...
SUSE CVE-2025-67860
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via handling passwords as command arguments. An attacker can obtain sensitive information by accessing process arguments through system interfaces. Remediation Upgrade github.com/neuvector/scanner to...
GO-2026-4490 NeuVector scanner insecurely handles passwords as command arguments in github.com/neuvector/scanner
NeuVector scanner insecurely handles passwords as command arguments in github.com/neuvector/scanner. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GHSA-3C9M-GQ32-G4JX NeuVector scanner insecurely handles passwords as command arguments
Impact A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users. This may allow unauthorized access to registries or the NeuVector...
NeuVector scanner insecurely handles passwords as command arguments
Impact A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users. This may allow unauthorized access to registries or the NeuVector...
PT-2026-7954
Name of the Vulnerable Software and Affected Versions NeuVector versions prior to 4.072 Description The NeuVector scanner insecurely handles passwords as command arguments. The scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive...
Improper TLS Certificate Validation
github.com/neuvector/neuvector is vulnerable to improper TLS certificate validation. The vulnerability is due to TLS verification not being enforced by default for OpenID Connect authentication, which allows an attacker to perform man-in-the-middle MITM attacks by intercepting or tampering with...