20 matches found

Wolfi
added 2026/05/22 7:48 p.m., 25 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: rancher-helm, k9s, k8ssandra-client, fuse-overlayfs-snapshotter, tigera-operator, teleport, rancher, gogatekeeper, kubevela, zarf, dagger, kargo, chartmuseum, scorecard, ctop, k8sgpt, zot, wolfictl, helm-mapkubeapis, helm-push, helm, manifest-tool, linkerd2, syft,...

CVSS: 7.8, AI score: 5.9, EPSS: 0.00221
Exploits: 1
Chainguard
added 2026/05/22 7:17 p.m., 16 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: chartmuseum, syft-fips, chartmuseum-fips, zarf, grype, kubevela-fips, eks-node-monitoring-agent-fips, headlamp, kubescape-server, k3s, xeol-fips, gitlab-rails-ce-fips, cluster-api-helm-controller-fips, opa, helm-fips, trivy-operator, linkerd2-fips, dagger, docker-fip...

CVSS: 7.8, AI score: 5.9, EPSS: 0.00221
Exploits: 1
Wolfi
added 2026/04/11 2:51 a.m., 11 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: aws-load-balancer-controller, external-secrets-operator, rancher-system-upgrade-controller, knative-eventing, argo-rollouts, chartmuseum, falco-no-driver, aws-application-networking-k8s, cluster-api-provider-vsphere, dex, metacontroller, nri-f5, runc, cosign,...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00349
Exploits: 0
Wolfi
added 2026/04/11 2:51 a.m., 9 views

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: gitness, terraform-provider-random, external-secrets-operator, cloud-provider-azure, sftpgo, opentelemetry-operator, cluster-api, docker-machine-driver-harvester, kserve-modelmesh-serving, docker-machine-driver-linode, knative-eventing, argo-rollouts,...

AI score: 5.9
Exploits: 0
Wolfi
added 2026/02/25 1:48 a.m., 4 views

GHSA-9F29-V6MM-PW6W vulnerabilities

Vulnerabilities for packages: opa-envoy...

AI score: 5.3
Exploits: 0
Wolfi
added 2026/02/25 1:48 a.m., 7 views

CVE-2026-26205 vulnerabilities

Vulnerabilities for packages: opa-envoy...

CVSS: 7.1, AI score: 5.3, EPSS: 0.0038
Exploits: 0
Chainguard
added 2026/02/25 1:17 a.m., 8 views

CVE-2026-26205 vulnerabilities

Vulnerabilities for packages: opa-envoy, opa-fips-envoy...

CVSS: 7.1, AI score: 5.9, EPSS: 0.0038
Exploits: 0
Chainguard
added 2026/02/25 1:17 a.m., 6 views

GHSA-9F29-V6MM-PW6W vulnerabilities

Vulnerabilities for packages: opa-envoy, opa-fips-envoy...

AI score: 5.9
Exploits: 0
OSV
added 2026/02/23 6:23 p.m., 4 views

GO-2026-4506 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin

opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin...

CVSS: 7.1, AI score: 5.3, EPSS: 0.0038
Exploits: 0, References: 4
RedhatCVE
added 2026/02/20 7:39 p.m., 8 views

CVE-2026-26205

opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed, interpreting leading path segments prefixed with double slashes (//) as...

CVSS: 7.1, AI score: 5.7, EPSS: 0.0038
Exploits: 0, References: 1
NVD
added 2026/02/19 8:25 p.m., 7 views

CVE-2026-26205

opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed, interpreting leading path segments prefixed with double slashes (//) as...

CVSS: 7.1, EPSS: 0.0038
Exploits: 0, References: 3
Vulnrichment
added 2026/02/19 7:31 p.m., 6 views

CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`

opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed, interpreting leading path segments prefixed with double slashes (//) as...

CVSS: 7.1, AI score: 5.7, EPSS: 0.0038
Exploits: 0, References: 3
Cvelist
added 2026/02/19 7:31 p.m., 29 views

CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`

opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed, interpreting leading path segments prefixed with double slashes (//) as...

CVSS: 7.1, EPSS: 0.0038
Exploits: 0, References: 3
OSV
added 2026/02/19 7:31 p.m., 6 views

CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`

opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed, interpreting leading path segments prefixed with double slashes (//) as...

CVSS: 7.1, AI score: 5.7, EPSS: 0.0038
Exploits: 0, References: 5
CVE
added 2026/02/19 7:31 p.m., 18 views

CVE-2026-26205

CVE-2026-26205 affects the opa-envoy-plugin for Envoy. Versions prior to 1.13.2-envoy-2 construct input.parsed_path by treating HTTP request paths as full URIs and interpreting leading segments with ‘//’ as authorities, which drops those segments from the parsed path. This crea...

CVSS: 7.1, AI score: 5.7, EPSS: 0.0038
Exploits: 0, References: 3
CNNVD
added 2026/02/19 12:0 a.m., 8 views

opa-envoy-plugin security vulnerability

opa-envoy-plugin is a plugin developed by Open Policy Agent. Versions of opa-envoy-plugin prior to 1.13.2-envoy-2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the way the input.parsed_path field was constructed, which could lead to mismatches in path...

CVSS: 7.1, AI score: 5.8, EPSS: 0.0038
Exploits: 0, References: 3
OSV
added 2026/02/18 3:25 p.m., 3 views

GHSA-9F29-V6MM-PW6W opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path

A security vulnerability has been discovered in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed, interpreting leading path segments prefixed with double slashes (//) as authority components, and therefore dropping them from the parsed path. Thi...

CVSS: 7.1, AI score: 5.5, EPSS: 0.0038
Exploits: 0, References: 5
GitHub Security Blog
added 2026/02/18 3:25 p.m., 8 views

opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path

A security vulnerability has been discovered in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed, interpreting leading path segments prefixed with double slashes (//) as authority components, and therefore dropping them from the parsed path. Thi...

CVSS: 7.1, AI score: 5.5, EPSS: 0.0038
Exploits: 0, References: 5, Affected Software: 1
Wolfi
added 2026/02/10 1:48 p.m., 26 views

CVE-2025-68121 vulnerabilities

Vulnerabilities for packages: aws-load-balancer-controller, external-secrets-operator, gogatekeeper, cluster-api-azure-controller, rancher-system-upgrade-controller, knative-eventing, argo-rollouts, chartmuseum, falco-no-driver, aws-application-networking-k8s, cluster-api-provider-vsphere, dex,...

CVSS: 10, AI score: 6.9, EPSS: 0.00765
Exploits: 1
Wolfi
added 2025/03/20 4:43 a.m., 13 views

GHSA-265R-HFXG-FHMG vulnerabilities

Vulnerabilities for packages: k8ssandra-client, fuse-overlayfs-snapshotter, kubevela, zarf, dagger, kargo, melange, chartmuseum, ctop, k8sgpt, zot, wolfictl, helm-push, flux-helm-controller, helm, linkerd2, syft, grype, opa, cert-manager-cmctl, gatekeeper, buildkitd, kaniko, osv-scanner,...

AI score: 5.9
Exploits: 0