58707 matches found
MinIO Operator Console Authentication Bypass
MinIO Console is a graphical user interface for the MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. id: CVE-2021-41266 info: name: MinIO Operator...
CVE-2025-71375
The CVE-2025-71375 issue affects the Python package picklescan (prior to 0.0.34) and stems from failure to detect the built-in function _operator.methodcaller when scanning pickle files for malicious code. This oversight allows attackers to craft pickle payloads that evade detection and can lead ...
EUVD-2025-210425
picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...
CVE-2025-71373
CVE-2025-71373: picklescan before 0.0.33 fails to detect operator.methodcaller calls in pickle files, allowing remote attackers to craft payloads that execute arbitrary code when loaded, compromising systems relying on picklescan for validation.
CVE-2025-71373
picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...
EUVD-2025-210424
picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...
CVE-2025-71367
CVE-2025-71367 affects picklescan before 0.0.34. The root cause is a failure to detect _operator.attrgetter calls inside pickle payloads, allowing remote attackers to craft malicious pickle files using _operator.attrgetter in reduce methods and achieve arbitrary code execution when pickle.load() ...
CVE-2025-71367
picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...
EUVD-2025-210421
picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...
GHSA-XV9W-7V6Q-HPJH vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
CVE-2026-44162 vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
GHSA-Q675-QJ96-32M9 vulnerabilities
Vulnerabilities for packages: seaweedfs-rocksdb, seaweedfs-fips, seaweedfs, seaweedfs-operator-fips, seaweedfs-operator, gitlab-workhorse-ce, seaweedfs-rocksdb-fips...
CVE-2026-11769
A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...
GHSA-9R4W-JG96-92MV vulnerabilities
Vulnerabilities for packages: tbot, teleport-operator-fips, teleport...
GHSA-VH4V-2XQ2-G5CG vulnerabilities
Vulnerabilities for packages: xeol-fips, steampipe, falcoctl-fips, kots, kubescape-operator-fips, vcluster-fips, k8ssandra-client-fips, zarf, kyverno-notation-aws-fips, gitness, opentofu-fips, kube-arangodb, kubescape-server-fips, chartmuseum-fips, cloudbeat, kyverno-notation-aws, conftest-fips,...
GHSA-8XWF-RJM4-XVHV vulnerabilities
Vulnerabilities for packages: xeol-fips, steampipe, falcoctl-fips, kots, kubescape-operator-fips, vcluster-fips, k8ssandra-client-fips, zarf, kyverno-notation-aws-fips, gitness, opentofu-fips, kube-arangodb, kubescape-server-fips, chartmuseum-fips, cloudbeat, kyverno-notation-aws, conftest-fips,...
GHSA-XF85-363P-868W vulnerabilities
Vulnerabilities for packages: xeol-fips, steampipe, falcoctl-fips, kots, kubescape-operator-fips, vcluster-fips, k8ssandra-client-fips, zarf, kyverno-notation-aws-fips, gitness, opentofu-fips, kube-arangodb, kubescape-server-fips, chartmuseum-fips, cloudbeat, kyverno-notation-aws, conftest-fips,...
CVE-2026-50162 vulnerabilities
Vulnerabilities for packages: xeol-fips, steampipe, falcoctl-fips, kots, kubescape-operator-fips, vcluster-fips, k8ssandra-client-fips, zarf, kyverno-notation-aws-fips, gitness, opentofu-fips, kube-arangodb, kubescape-server-fips, chartmuseum-fips, cloudbeat, kyverno-notation-aws, conftest-fips,...