CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

39 matches found

GHSA-JJRM-HR5F-673X Source controller: Improper path handling allows traversal

Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...

5.3CVSS5.6AI score

Exploits0References4

Snyk•added 2026/04/16 9:38 p.m.•4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00027EPSS

Exploits0References2

Snyk•added 2026/04/16 9:38 p.m.•4 views

Server-side Request Forgery (SSRF)

7.7CVSS5.8AI score0.00027EPSS

Exploits0References2

Snyk•added 2026/04/16 9:38 p.m.•2 views

Server-side Request Forgery (SSRF)

7.7CVSS5.8AI score0.00027EPSS

Exploits0References2

SUSE CVE•added 2026/02/07 12:24 a.m.•8 views

SUSE CVE-2026-24514

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...

6.5CVSS5.4AI score0.0004EPSS

Exploits1References3

RedhatCVE•added 2026/02/05 1:22 a.m.•6 views

CVE-2026-24514

6.5CVSS5.4AI score0.0004EPSS

Exploits1References1

Github Security Blog•added 2026/02/04 12:30 a.m.•7 views

ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling

6.5CVSS5.5AI score0.0004EPSS

Exploits1References3Affected Software1

OSV•added 2026/02/03 11:16 p.m.•2 views

CVE-2026-24514

6.5CVSS5.8AI score0.0004EPSS

Exploits1References1

NVD•added 2026/02/03 11:16 p.m.•5 views

CVE-2026-24514

6.5CVSS0.0004EPSS

Exploits1References1

Snyk•added 2026/02/03 10:55 p.m.•6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the validating admission controller feature. An attacker can exhaust system memory resources by sending large requests, potentially causing the controller pod to be terminated or...

7.1CVSS5.5AI score0.0004EPSS

Exploits1References2

Cvelist•added 2026/02/03 10:17 p.m.•33 views

CVE-2026-24514 ingress-nginx Admission Controller denial of service

6.5CVSS0.0004EPSS

Exploits1References1

ATTACKERKB•added 2026/02/03 10:17 p.m.•8 views

CVE-2026-24514

6.5CVSS5.4AI score0.0004EPSS

Exploits1References2

Github Security Blog•added 2025/11/06 11:35 p.m.•7 views

KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

Summary The permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. Details Following the GitHub security advisory published on March 23 2023, a ValidatingAdmissionPolicy w...

6.9CVSS5.5AI score0.00104EPSS

Exploits1References3Affected Software1

Snyk•added 2025/03/24 11:43 p.m.•4 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the Validating Admission Controller feature. An attacker with access to the pod network can execute code, which allows them to access stored secrets. By default, the controller can access al...

9.8CVSS7.4AI score0.91918EPSS

Exploits20References2

Snyk•added 2025/03/24 11:43 p.m.•4 views

Improper Isolation or Compartmentalization

9.8CVSS7.4AI score0.91918EPSS

Exploits20References2

Snyk•added 2025/03/24 11:43 p.m.•4 views

Improper Isolation or Compartmentalization

9.8CVSS7.4AI score0.91918EPSS

Exploits20References2

OSV•added 2024/03/06 10:55 a.m.•13 views

BIT-KUSTOMIZE-2022-24817 Improper kubeconfig validation allows arbitrary code execution

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...

9.9CVSS9.6AI score0.00378EPSS

Exploits0References2

SUSE CVE•added 2023/02/15 3:44 a.m.•1 views

SUSE CVE-2021-25735

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...

6.5CVSS7.3AI score0.16302EPSS

Exploits1References3

OSV•added 2022/05/16 6:13 p.m.•19 views

GHSA-VVMQ-FWMG-2GJC Improper kubeconfig validation allows arbitrary code execution

Flux2 can reconcile the state of a remote cluster when provided with a kubeconfig with the correct access rights. Kubeconfig files can define commands to be executed to generate on-demand authentication tokens. A malicious user with write access to a Flux source or direct access to the target...

9.9CVSS10AI score0.00378EPSS

Exploits0References3

Cvelist•added 2022/05/06 12:0 a.m.•12 views

CVE-2022-24817 Improper kubeconfig validation allows arbitrary code execution

9.9CVSS9.9AI score0.00378EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by