Lucene search
K

170 matches found

OSV
OSV
added 2026/06/23 2:37 p.m.4 views

BIT-APISIX-2026-49231 Apache APISIX: Identity spoofing issue in APISIX opa plugin

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 2:16 p.m.11 views

CVE-2026-49231

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

5.4CVSS0.00359EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:14 p.m.29 views

CVE-2026-49231 Apache APISIX: Identity spoofing issue in APISIX opa plugin

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

2.3CVSS0.00359EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:14 p.m.11 views

EUVD-2026-38020

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

2.3CVSS5.9AI score0.00359EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:14 p.m.26 views

CVE-2026-49231

CVE-2026-49231 describes an authentication bypass via spoofed identity headers in the APISIX opa plugin. Affected software: Apache APISIX (versions 3.5.0–3.16.0). Root cause: spoofed headers accepted due to non-default plugin configuration, allowing an attacker to relay identities to an upstream ...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50896

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.5.0 through 3.16.0 Description An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References6
CBLMariner
CBLMariner
added 2026/05/30 12:34 a.m.11 views

CVE-2026-39821 affecting package opa for versions less than 0.63.0-4

CVE-2026-39821 affecting package opa for versions less than 0.63.0-4. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
Wolfi
Wolfi
added 2026/05/22 7:48 p.m.28 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: neuvector-scanner, kubescape, k9s, helm-operator, chartmuseum, helm, rancher, steampipe, trivy-operator, rancher-agent, docker-compose, eksctl, spegel, k8ssandra-client, skaffold, opa, dagger, rancher-helm, cluster-api-helm-controller, manifest-tool, zarf,...

7.8CVSS7AI score0.00221EPSS
Exploits1
Chainguard
Chainguard
added 2026/05/22 7:17 p.m.16 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: envoy-gateway-fips, grype, zarf, dagger, k8ssandra-client, consul-k8s, kubescape-operator, newrelic-infrastructure-agent-fips, helm-mapkubeapis, trivy-operator-fips, rancher-agent, syft, kubescape-server-fips, docker-compose, kaniko-fips, redpanda-operator,...

7.8CVSS7AI score0.00221EPSS
Exploits1
OSV
OSV
added 2026/05/12 12:0 a.m.5 views

OPENSUSE-SU-2026:10755-1 opa-1.16.2-1.1 on GA media

These are all security issues fixed in the opa-1.16.2-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/05 9:31 a.m.10 views

actix-web-opentelemetry (>=0.2.0 <=0.17.0), ailake-file (>=0.0.8 <=0.0.16) +199 more potentially affected by CVE-2026-43868 via thrift (>=0.0.4 <=0.17.0)

thrift CARGO version =0.0.4, =0.2.0, =0.0.8, =0.0.6, =0.3.0, =0.3.5, =0.3.5, =0.2.0, =0.7.0, =0.1.0, =0.1.0, =0.32.1, =0.34.0 and more Source cves: CVE-2026-43868 Source advisory: OSV:GHSA-2F9F-GQ7V-9H6M...

7.5CVSS5.7AI score0.00665EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/04 6:26 p.m.10 views

org.apache.polaris:polaris-admin (>=1.0.0-incubating <=1.4.0), org.apache.polaris:polaris-api-catalog-service (>=1.0.0-incubating <=1.4.0) +23 more potentially affected by CVE-2026-42811 via org.apache.polaris:polaris-core (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-core MAVEN version =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.3.0-incubating, =1.3.0-incubating, =1.1.0-incubating, =1.1.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 and more Source...

9.9CVSS5.8AI score0.00431EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/04 5:26 p.m.8 views

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: SNYK:JAVA-ORGAPACHEPOLARIS-16422548...

9.9CVSS5.8AI score0.00364EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.12 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: kube-fluentd-operator, karpenter, amazon-cloudwatch-agent-operator, buf, git-sync, chezmoi, act, kube-vip, kafkaexporter, nri-couchbase, k8ssandra-client, splunk-otel-collector, kubernetes-ingress-defaultbackend, smarter-device-manager, crossplane-provider-azure-sql,...

7.5CVSS6.9AI score0.00349EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.9 views

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: kube-fluentd-operator, gcsfuse, kubescape, argo-cd, karpenter, k8s-device-plugin, helm, amazon-cloudwatch-agent-operator, kubernetes-dashboard, modelmesh-runtime-adapter, cluster-api, dapr, gcp-compute-persistent-disk-csi-driver, rancher-agent, grpcurl, swagger,...

6.1AI score
Exploits0
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.5 views

CVE-2025-11065 affecting package opa for versions less than 0.63.0-3

CVE-2025-11065 affecting package opa for versions less than 0.63.0-3. A patched version of the package is available...

5.3CVSS5.8AI score0.00357EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/03/09 2:32 p.m.4 views

CVE-2025-11065 affecting package opa for versions less than 0.63.0-6

CVE-2025-11065 affecting package opa for versions less than 0.63.0-6. A patched version of the package is available...

5.3CVSS5.8AI score0.00357EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/03 7:17 a.m.6 views

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: descheduler-fips, deck, crossplane-provider-aws-route53-fips, terraform-provider-aws-fips, peerdb-flow, cluster-api-azure-controller, crossplane-provider-aws-kinesis, crossplane-provider-aws-ecs-fips, vertical-pod-autoscaler-fips, apache-beam-java-sdk, ollama-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/03/03 7:17 a.m.10 views

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: descheduler-fips, deck, crossplane-provider-aws-route53-fips, terraform-provider-aws-fips, peerdb-flow, cluster-api-azure-controller, crossplane-provider-aws-kinesis, crossplane-provider-aws-ecs-fips, vertical-pod-autoscaler-fips, apache-beam-java-sdk, ollama-fips,...

7.5CVSS7AI score0.00501EPSS
Exploits0
Wolfi
Wolfi
added 2026/02/25 1:48 a.m.5 views

GHSA-9F29-V6MM-PW6W vulnerabilities

Vulnerabilities for packages: opa-envoy...

5.3AI score
Exploits0
Rows per page
Query Builder