1038 matches found

Chainguard
added yesterday, 4 views

GHSA-XHF5-7WJV-PQXP vulnerabilities

Vulnerabilities for packages: trivy, kgateway, newrelic-infrastructure-agent, helm-operator-fips, spegel-fips, grype, chaos-mesh-fips, k9s, grype-fips, skaffold-fips, helm-operator, kube-arangodb, scorecard, kots, trivy-fips, newrelic-infrastructure-agent-fips, docker-compose-fips,...

AI score: 5.8
Exploits: 0

Chainguard
added yesterday, 3 views

GHSA-JPCC-P29G-P8MQ vulnerabilities

Vulnerabilities for packages: trivy, kgateway, newrelic-infrastructure-agent, helm-operator-fips, spegel-fips, grype, chaos-mesh-fips, k9s, grype-fips, skaffold-fips, helm-operator, kube-arangodb, scorecard, kots, trivy-fips, newrelic-infrastructure-agent-fips, docker-compose-fips,...

AI score: 5.8
Exploits: 0

Chainguard
added yesterday, 5 views

CVE-2026-53488 vulnerabilities

Vulnerabilities for packages: trivy, kgateway, newrelic-infrastructure-agent, helm-operator-fips, spegel-fips, grype, chaos-mesh-fips, k9s, grype-fips, skaffold-fips, helm-operator, kube-arangodb, scorecard, kots, trivy-fips, newrelic-infrastructure-agent-fips, docker-compose-fips,...

AI score: 5.8
Exploits: 0

Chainguard
added yesterday, 4 views

CVE-2026-47262 vulnerabilities

Vulnerabilities for packages: trivy, kgateway, newrelic-infrastructure-agent, helm-operator-fips, spegel-fips, grype, chaos-mesh-fips, k9s, grype-fips, skaffold-fips, helm-operator, kube-arangodb, scorecard, kots, trivy-fips, newrelic-infrastructure-agent-fips, docker-compose-fips,...

AI score: 5.8
Exploits: 0

Wolfi
added 4 days ago, 6 views

GHSA-XHF5-7WJV-PQXP vulnerabilities

Vulnerabilities for packages: k9s, docker-cli-buildx, ctop, kubevela, headlamp, buildkitd, k8sgpt, rancher-helm, helm-mapkubeapis, steampipe, manifest-tool, chartmuseum, rancher, docker-compose, rancher-agent, neuvector-scanner, envoy-gateway, trivy, newrelic-infrastructure-agent, zot,...

AI score: 5.8
Exploits: 0

Wolfi
added 4 days ago, 8 views

GHSA-JPCC-P29G-P8MQ vulnerabilities

Vulnerabilities for packages: k9s, docker-cli-buildx, ctop, kubevela, headlamp, buildkitd, k8sgpt, rancher-helm, helm-mapkubeapis, steampipe, manifest-tool, chartmuseum, rancher, docker-compose, rancher-agent, neuvector-scanner, envoy-gateway, trivy, newrelic-infrastructure-agent, zot,...

AI score: 5.8
Exploits: 0

Wolfi
added 4 days ago, 12 views

CVE-2026-47262 vulnerabilities

Vulnerabilities for packages: k9s, docker-cli-buildx, ctop, kubevela, headlamp, buildkitd, k8sgpt, rancher-helm, helm-mapkubeapis, steampipe, manifest-tool, chartmuseum, rancher, docker-compose, rancher-agent, neuvector-scanner, envoy-gateway, trivy, newrelic-infrastructure-agent, zot,...

AI score: 5.8
Exploits: 0

Wolfi
added 4 days ago, 11 views

CVE-2026-53488 vulnerabilities

Vulnerabilities for packages: k9s, docker-cli-buildx, ctop, kubevela, headlamp, buildkitd, k8sgpt, rancher-helm, helm-mapkubeapis, steampipe, manifest-tool, chartmuseum, rancher, docker-compose, rancher-agent, neuvector-scanner, envoy-gateway, trivy, newrelic-infrastructure-agent, zot,...

AI score: 5.8
Exploits: 0

NVD
added 5 days ago, 8 views

CVE-2026-44939

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers...

CVSS: 9.4, EPSS: 0.01113
Exploits: 0, References: 1

Cvelist
added 5 days ago, 30 views

CVE-2026-44939 Command injection through unsanitized YAML parameter in Rancher

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers...

CVSS: 9.4, EPSS: 0.01113
Exploits: 0, References: 1

CVE
added 5 days ago, 30 views

CVE-2026-44939

An input validation flaw in Rancher Manager's import endpoint (/v3/import/{token}_{clusterId}.yaml) allows command injection via unsanitized YAML parameters in versions prior to 2.14.2. Impact: remote attackers could break out of the container image and execute arbitrary code inside containers. R...

CVSS: 9.4, AI score: 6, EPSS: 0.01113
Exploits: 0, References: 1

NVD
added 2026/06/16 5:16 p.m., 7 views

CVE-2025-71261

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control...

CVSS: 8.6, EPSS: 0.00208
Exploits: 0, References: 1

CVE
added 2026/06/16 3:42 p.m., 10 views

CVE-2025-71261

The CVE-2025-71261 issue affects the SUSE Virtualization (Harvester) Rancher integration registration client, specifically the cluster-registration-url path. The root cause is an insecure TLS setup that fails to verify the remote server’s certificate, enabling MITM between SUSE Virtualization and...

CVSS: 8.6, AI score: 5.2, EPSS: 0.00208
Exploits: 0, References: 1

EUVD
added 2026/06/16 3:42 p.m., 4 views

EUVD-2025-210170

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control...

CVSS: 8.6, AI score: 5.2, EPSS: 0.00208
Exploits: 0, References: 1

OSV
added 2026/06/11 12:41 a.m., 10 views

CLEANSTART-2026-OK35650 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ...

Multiple security vulnerabilities affect the rancher-agent package. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed...

CVSS: 9.8, AI score: 5.5, EPSS: 0.00765
Exploits: 1, References: 5

F5 Networks
added 2026/06/01 3:16 p.m., 16 views

K000161495: Rancher Local Path Provisioner vulnerability CVE-2025-62878

Security Advisory Description A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. CVE-2025-62878 Impact There is no impact; F5 products...

CVSS: 9.9, AI score: 5.9, EPSS: 0.00581
Exploits: 1

Wolfi
added 2026/05/22 7:48 p.m., 22 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: k9s, docker-cli-buildx, ctop, kubevela, opa, headlamp, buildkitd, k8sgpt, gogatekeeper, helm-mapkubeapis, rancher-helm, steampipe, manifest-tool, chartmuseum, rancher, docker-compose, rancher-agent, neuvector-scanner, envoy-gateway, trivy,...

AI score: 5.8, EPSS: 0.00019
Exploits: 1

Wolfi
added 2026/05/22 7:48 p.m., 22 views

GHSA-FQW6-GF59-QR4W vulnerabilities

Vulnerabilities for packages: k9s, docker-cli-buildx, ctop, kubevela, opa, headlamp, buildkitd, k8sgpt, gogatekeeper, helm-mapkubeapis, rancher-helm, steampipe, manifest-tool, chartmuseum, rancher, docker-compose, rancher-agent, neuvector-scanner, envoy-gateway, trivy,...

AI score: 5.8
Exploits: 0

Chainguard
added 2026/05/22 7:17 p.m., 11 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: trivy, newrelic-infrastructure-agent, helm-operator-fips, spegel-fips, grype, chaos-mesh-fips, k9s, grype-fips, skaffold-fips, helm-operator, osv-scanner, kube-arangodb, scorecard, kots, k8ssandra-client, trivy-fips, newrelic-infrastructure-agent-fips,...

AI score: 5.8, EPSS: 0.00019
Exploits: 1

Veracode
added 2026/05/16 5:36 a.m., 6 views

Improper Certificate Validation

rancher is vulnerable to Improper Certificate Validation. The vulnerability is due to the Rancher CLI automatically retrieving and trusting CA certificates from Rancher’s cacerts setting when the -skip-verify flag is used without the --cacert flag, potentially allowing attackers to influence...

CVSS: 8.3, AI score: 5.8, EPSS: 0.00153
Exploits: 0, References: 3, Affected Software: 1