CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

433 matches found

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.4AI score0.0003EPSS

Exploits0References1

RedhatCVE•added 3 days ago•4 views

CVE-2026-6515

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

5.4CVSS5.5AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 3 days ago•4 views

CVE-2026-22872

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...

9.1CVSS5.5AI score0.00107EPSS

Exploits1References1

RedhatCVE•added 3 days ago•6 views

CVE-2026-5845

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

9.6CVSS5.5AI score0.00025EPSS

Exploits0References1

RedhatCVE•added 4 days ago•7 views

CVE-2026-42998

A flaw was found in OpenStack Keystone. The application credential authentication plugin fails to verify if the user provided in an authentication request matches the owner of the application credential. This allows a remote attacker to authenticate with their own credentials while impersonating...

8.8CVSS5.8AI score0.00064EPSS

Exploits1References5

NVD•added last week•6 views

CVE-2026-22872

9.1CVSS0.00107EPSS

Exploits1References2

EUVD•added last week•6 views

EUVD-2026-33729

8.2CVSS5.8AI score0.00107EPSS

Exploits1References2

Cvelist•added last week•27 views

CVE-2026-22872 Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

8.2CVSS0.00107EPSS

Exploits1References2

CVE•added last week•12 views

CVE-2026-22872

CVE-2026-22872 affects Capsule, a Kubernetes multi-tenant framework. The Capsule Controller runs with cluster-admin privileges. The vulnerability lies in TenantResource RawItems processing: the code sets the namespace on deserialized objects, but this is ignored for cluster-scoped resources, allo...

9.1CVSS5.8AI score0.00107EPSS

Exploits1References2Affected Software1

Vulnrichment•added last week•6 views

CVE-2026-22872 Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

8.2CVSS5.8AI score0.00107EPSS

Exploits1References2

ATTACKERKB•added last week•6 views

CVE-2026-10533

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that...

5CVSS5.8AI score0.00043EPSS

Exploits0References3

Tenable Nessus•added 2026/05/29 12:0 a.m.•14 views

Linux Distros Unpatched Vulnerability : CVE-2026-42998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in...

8.8CVSS5.8AI score0.00064EPSS

Exploits1References3

OSV•added 2026/05/28 7:16 p.m.•4 views

UBUNTU-CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

8.8CVSS5.8AI score0.00064EPSS

Exploits1References4

Github Security Blog•added 2026/05/28 5:2 p.m.•5 views

Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability Summary The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Tenant administrators can...

9.1CVSS6AI score0.00107EPSS

Exploits1References3Affected Software1

OSV•added 2026/05/28 5:2 p.m.•3 views

GHSA-QJJM-7J9W-PW72 Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

8.2CVSS6AI score0.00107EPSS

Exploits1References3

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•9 views

Malicious code in @mlspace/experiments-monitoring (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•12 views

Malicious code in @cloudplatform-single-spa/enterprise (npm)

5.8AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•10 views

Malicious code in @cloudplatform-single-spa/datagrid (npm)

5.8AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•10 views

Malicious code in @cloudplatform-single-spa/ml-ai-agents-trigger (npm)