Lucene search
K

58785 matches found

NVD
NVD
added yesterday6 views

CVE-2026-61462

mcp-gitlab contains a path traversal vulnerability in the jobid parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted jobid values like ../../../user to escape the intended path prefix and access arbitrary GitLab API...

9.2CVSS
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-61462

CVE-2026-61462 affects mcp-gitlab. A path traversal weakness exists in the build/index.js job_id parameter, allowing an attacker to escape the intended path prefix (e.g., using ../../../user) and redirect GitLab API requests to arbitrary endpoints. This can enable access to arbitrary GitLab API r...

9.2CVSS6.2AI score
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-62147

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces...

6.5CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday9 views

CVE-2026-62147

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces. Mitigation There is no mitigation or workarou...

6.5CVSS6.1AI score
Exploits0References3
Nuclei
Nuclei
added yesterday252 views

MinIO Operator Console Authentication Bypass

MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. id: CVE-2021-41266 info: name: MinIO Operator...

9.8CVSS7AI score0.46706EPSS
Exploits1References5
Chainguard
Chainguard
added 4 days ago6 views

GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities

Vulnerabilities for packages: zarf-fips, crossplane, kyverno-notation-aws, zarf, tbot, tkn-fips, trivy, tekton-chains-fips, kubescape-server, cloudbeat-fips, gitsign, teleport-operator-fips, tflint, trivy-fips, kubescape-server-fips, kyverno-notation-aws-fips, tflint-fips, trivy-operator-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago6 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: zarf-fips, kube-fluentd-operator, harbor, ocm-cli-fips, glab, azure-aad-pod-identity-mic, knative-eventing-fips, k9s-fips, redka, rekor-fips, libnvidia-container, flux-source-watcher-fips, apko, fuse-overlayfs-snapshotter, melange, mattermost,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago6 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-networkmanager, policy-bot, crossplane-provider-azure-signalrservice, fairwinds-gemini-fips, generic-device-plugin-fips, timoni, crossplane-provider-aws-waf-fips, aws-application-networking-k8s, cluster-api, dataplaneapi-fips, gpu-operator,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 5 days ago5 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver, croc, crossplane-provider-aws-s3, crossplane-provider-aws-eks, src, k8ssandra-operator, openbao-k8s, authservice, neuvector-dbgen, docker-compose, telegraf, cluster-autoscaler, manifest-tool, kube-arangodb,...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 5 days ago8 views

Important: Red Hat Security Advisory: RHTAS 1.0.1 - GA Release Of the Policy Controller Operator

The GA release of the RHTAS Policy Controller Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Policy Controller Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.1...

9.1CVSS6.5AI score0.00533EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago7 views

Important: Red Hat Security Advisory: RHTAS 1.4.2 - Tech Preview Release Of the Model Validation Operator

The Tech Preview release of the RHTAS Model Validation Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Model Validation Operator can be used with OpenShift Container Platform 4.16, 4.17,...

9.1CVSS6.8AI score0.00533EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago8 views

Important: Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release

The 1.4.2 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Operator can be used with OpenShift Container Platform 4.17, 4.18, 4.19, 4.20...

9.1CVSS6.8AI score0.38811EPSS
Exploits12References19
RedHat Linux
RedHat Linux
added 5 days ago12 views

Important: Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release

The 1.4.2 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Operator can be used with OpenShift Container Platform 4.17, 4.18, 4.19, 4.20...

9.1CVSS6.5AI score0.00533EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 5 days ago10 views

Important: Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release

The 1.4.2 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Operator can be used with OpenShift Container Platform 4.17, 4.18, 4.19, 4.20...

9.1CVSS6.5AI score0.00533EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago5 views

Important: Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release

The 1.4.2 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Operator can be used with OpenShift Container Platform 4.17, 4.18, 4.19, 4.20...

7.5CVSS5.9AI score0.00326EPSS
Exploits0References4
Snyk
Snyk
added 5 days ago3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ssh process. An attacker can execute arbitrary commands on the operator's workstation by injecting malicious OpenSSH options when the operator runs non-interactive SSH commands. Remediation Upgrade...

8.3CVSS7.2AI score0.00293EPSS
Exploits0References2
NVD
NVD
added 5 days ago10 views

CVE-2026-41857

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago10 views

CVE-2026-41857

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS7.3AI score0.00148EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS0.00184EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago5 views

Important: Red Hat Security Advisory: DevWorkspace Operator 0.42.0 release.

DevWorkspace Operator 0.42.0 has been released. The DevWorkspace Operator extends OpenShift to provide DevWorkspace support...

10CVSS6.7AI score0.00533EPSS
Exploits0References9
Rows per page
Query Builder