Lucene search
K

8 matches found

NVD
NVD
added 2026/01/31 12:16 p.m.10 views

CVE-2025-71180

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...

5.5CVSS0.00149EPSS
Exploits0References6
Veracode
Veracode
added 2025/11/20 8:54 a.m.5 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a Denial-of-service DoS. The vulnerability is due to Argo CD’s /api/webhook endpoint crashing when it receives a malformed Gogs push event with a missing or null commits.repo field, which allows an attacker to send crafted API requests that crash the A...

7.5CVSS6.9AI score0.00563EPSS
Exploits1References5Affected Software3
SUSE CVE
SUSE CVE
added 2025/10/02 11:22 p.m.2 views

SUSE CVE-2025-59537

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate client...

5.3CVSS8.9AI score0.00563EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/10/02 11:22 p.m.3 views

SUSE CVE-2025-59538

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /api/webhook endpoi...

5.3CVSS7AI score0.00549EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/01 9:9 p.m.2 views

CVE-2025-59538 Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /api/webhook endpoi...

7.5CVSS6.5AI score0.00549EPSS
Exploits1References2
OSV
OSV
added 2025/09/30 6:32 p.m.3 views

GHSA-GPX4-37G2-C8PV Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook

Summary In the default configuration, webhook.azuredevops.username and webhook.azuredevops.password not set, Argo CD’s /api/webhook endpoint crashes the entire argocd-server process when it receives an Azure DevOps Push event whose JSON array resource.refUpdates is empty. The slice index 0 is...

7.5CVSS7.4AI score0.00549EPSS
Exploits1References5
Snyk
Snyk
added 2025/09/30 6:28 p.m.2 views

Improper Validation of Function Hook Arguments

Overview Affected versions of this package are vulnerable to Improper Validation of Function Hook Arguments in the /api/webhook endpoint via the affectedRevisionInfo function. An attacker can cause the server process to crash and disrupt service availability by sending a Gogs push event whose JSO...

8.7CVSS6.9AI score0.00563EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/30 6:28 p.m.2 views

Improper Validation of Function Hook Arguments

Overview Affected versions of this package are vulnerable to Improper Validation of Function Hook Arguments in the /api/webhook endpoint via the affectedRevisionInfo function. An attacker can cause the server process to crash and disrupt service availability by sending a Gogs push event whose JSO...

8.7CVSS6.9AI score0.00563EPSS
Exploits1References2
Rows per page
Query Builder