135 matches found
Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project
This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths (PUT /api/projects/id, DELETE /api/projects) and modify or delete any project along with all its...
SUSE CVE-2026-26205
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
Azure Linux 3.0 Security Update: opa (CVE-2025-46569)
The version of opa installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-46569 advisory. - Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a...
CVE-2023-45822
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...
CVE-2011-0846
Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent...
PT-2026-1334
Name of the Vulnerable Software and Affected Versions: Spinnaker versions prior to 2025.1.6; Spinnaker versions prior to 2025.2.3; Spinnaker versions prior to 2025.3.0. Description: Spinnaker, an open source, multi-cloud continuous delivery platform, is susceptible to server-side request forgery. This...
CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...
CVE-2025-62159
CVE-2025-62159 affects External Secrets Operator’s BeyondTrust provider (versions 0.10.1–0.19.2). The legacy code retrieved Kubernetes secrets directly without validating namespace context or secret store type, enabling cross‑namespace secret access and security boundary violations. In version 0....
EUVD-2018-7204
Malware in sbrugna...
EUVD-2022-6209
Malicious code in bioql PyPI...
EUVD-2023-12557
Malicious code in bioql PyPI...
EUVD-2022-5738
Malicious code in bioql PyPI...
EUVD-2022-6789
Malicious code in bioql PyPI...
EUVD-2023-2711
Malicious code in bioql PyPI...
EUVD-2025-5090
Malicious code in bioql PyPI...
EUVD-2023-12400
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-22320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability (CWE-22)...
MAL-2025-6646 Malicious code in policy-agent-client (npm)