Lucene search
+L

179 matches found

Wolfi
Wolfi
added 2026/04/11 2:51 a.m.16 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: dask-gateway, litefs, flux-notification-controller, kube-arangodb, flux-image-reflector-controller, fscrypt, argocd-image-updater, kafkaexporter, envoy-ratelimit, crossplane-provider-azure-storage, speedtest-go, scorecard, kafka-proxy, kpt, aws-efs-csi-driver,...

7.5CVSS7.1AI score0.00349EPSS
Exploits0
OSV
OSV
added 2026/04/01 9:46 a.m.16 views

CLEANSTART-2026-UM45661 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, ghsa-6v2p-p543-phr9, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw applied in versions: 4.4.0-r0, 4.4.0-r1, 4.4.0-r2, 4.4.0-r3

Multiple security vulnerabilities affect the dynamic-localpv-provisioner package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7AI score0.01945EPSS
Exploits2References27
Veracode
Veracode
added 2026/03/24 1:16 p.m.5 views

Improper Authorization

github.com/smallstep/certificates is vulnerable to Improper Authorization. The vulnerability is due to insufficient authorization checks in SSH certificate revocation with the SSHPOP provisioner, which allows an attacker to improperly revoke certificates...

5CVSS7.1AI score0.00138EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2026/02/25 10:49 a.m.43 views

CVE-2025-62878

The CVE-2025-62878 exposure is a path traversal flaw in the Local Path Provisioner (rancher.io/local-path) via the parameters.pathPattern in StorageClass. A malicious user can craft pathPattern (using relative segments like ../) to cause PersistentVolumes to target arbitrary host paths, e.g., ove...

9.9CVSS5.5AI score0.00581EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/25 10:49 a.m.4 views

CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...

9.9CVSS5.5AI score0.00581EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/25 10:49 a.m.27 views

CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...

9.9CVSS0.00581EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/02/12 5:3 a.m.234 views

Exploit for CVE-2025-62878

CVE-2025-62878: Local Path Provisioner Path Traversal Over...

5.8AI score0.00581EPSS
Exploits1
OSV
OSV
added 2026/02/05 3:20 a.m.9 views

GO-2026-4425 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern in github.com/rancher/local-path-provisioner

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern in github.com/rancher/local-path-provisioner...

9.9CVSS5.3AI score0.00581EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.4 views

PT-2026-6528

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern in github.com/rancher/local-path-provisioner...

5.4AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/04 8:17 p.m.18 views

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...

9.9CVSS5.7AI score0.00581EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/04 8:17 p.m.24 views

GHSA-JR3W-9VFR-C746 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...

9.9CVSS5.7AI score0.00581EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.5 views

PT-2026-6443

Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...

9.9CVSS5.7AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.4 views

PT-2026-6543

Name of the Vulnerable Software and Affected Versions rancher.io/local-path-provisioner versions prior to 0.0.34 Description A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or...

9.9CVSS5.6AI score0.00581EPSS
Exploits1References19
vulnersOsv
vulnersOsv
added 2026/01/08 9:46 p.m.5 views

avalanche-config-installer (>=0.2.36 <=0.2.43), avalanche-installer (>=0.0.18 <=0.0.32) +38 more potentially affected by unknown CVE via aws-sdk-s3 (>=0.0.26-alpha <=0.9.0)

aws-sdk-s3 CARGO version =0.0.26-alpha, =0.2.36, =0.0.18, =0.0.42, =0.0.5, =0.0.24, =0.0.1, =0.0.0, =0.0.46, =0.1.7, =0.4.0, =0.4.0, =0.1.1, =0.1.0, =0.8.0, =0.8.0, =0.12.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

5.5AI score
Exploits0
CBLMariner
CBLMariner
added 2025/12/29 5:22 p.m.3 views

CVE-2025-65637 affecting package local-path-provisioner for versions less than 0.0.21-20

CVE-2025-65637 affecting package local-path-provisioner for versions less than 0.0.21-20. A patched version of the package is available...

7.5CVSS6.9AI score0.00585EPSS
Exploits1
NVD
NVD
added 2025/12/17 4:16 p.m.7 views

CVE-2025-44005

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...

10CVSS0.03318EPSS
Exploits0References3
CVE
CVE
added 2025/12/17 3:16 p.m.53 views

CVE-2025-44005

The CVE describes an Authorization bypass in Smallstep Step CA where ACME or SCEP provisioners can create certificates without completing certain protocol authorization checks. Affected component: Step CA (ACME/SCEP provisioners). Root cause: bypass of authorization checks. Impact: potential issu...

10CVSS6.5AI score0.03318EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/17 3:16 p.m.31 views

CVE-2025-44005

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...

10CVSS0.03318EPSS
Exploits0References2
OSV
OSV
added 2025/12/17 3:16 p.m.11 views

CVE-2025-44005

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...

10CVSS5.8AI score0.03318EPSS
Exploits0References5
Talos
Talos
added 2025/12/17 12:0 a.m.74 views

smallstep Step-CA Certificate Signing authentication bypass vulnerability

Talos Vulnerability Report TALOS-2025-2242 smallstep Step-CA Certificate Signing authentication bypass vulnerability December 17, 2025 CVE Number CVE-2025-44005 SUMMARY An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completi...

10CVSS6.6AI score0.03318EPSS
Exploits0
Rows per page
Query Builder