29 matches found
GHSA-8XWF-RJM4-XVHV vulnerabilities
Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...
CVE-2026-48978 vulnerabilities
Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...
GHSA-XF85-363P-868W vulnerabilities
Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...
CVE-2026-50162 vulnerabilities
Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...
GHSA-VH4V-2XQ2-G5CG vulnerabilities
Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...
GHSA-JXPM-75MH-9FP7 vulnerabilities
Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...
CVE-2026-50151 vulnerabilities
Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...
CVE-2026-2303 vulnerabilities
Vulnerabilities for packages: ratify, prometheus-mongodb-exporter-fips, tekton-chains, kubescape, bento-fips, prometheus-mongodb-exporter, tetragon, kubeflow-pipelines, tekton-chains-fips, trufflehog-fips, packer-fips, amazon-cloudwatch-agent, trident, percona-backup-mongodb-fips,...
GHSA-CP6G-7HQX-QXHP vulnerabilities
Vulnerabilities for packages: ratify, prometheus-mongodb-exporter-fips, tekton-chains, kubescape, bento-fips, prometheus-mongodb-exporter, tetragon, kubeflow-pipelines, tekton-chains-fips, trufflehog-fips, packer-fips, amazon-cloudwatch-agent, trident, percona-backup-mongodb-fips,...
CVE-2026-42457
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
CVE-2026-42457 vCluster Platform: Stored XSS can lead to privilege escalation
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
CVE-2026-42457
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
CVE-2026-42457
Affected software: vCluster Platform. Component/issue: Stored XSS via the name field of a templateRef (root cause: stored XSS in templateRef name). Impact: could lead to arbitrary script execution in the platform’s browser context and, in the worst case, privilege escalation by creating a new Glo...
PT-2026-40945
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
vCluster Platform 跨站脚本漏洞
vCluster Platform is an open-source virtual cluster manager developed by vCluster. Versions prior to vCluster Platform 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type cross-site scripting in the name field of the...
CVE-2026-35469 vulnerabilities
Vulnerabilities for packages: envoy-gateway, kubescape, kube-arangodb, rancher-fleet, teleport, velero, kots, kubevela, linkerd2, cri-tools, kubeflow-pipelines, docker-cli-buildx, falcoctl, datadog-agent, argocd-image-updater, headlamp, kubernetes-dashboard-api, istio, cert-manager-istio-csr,...
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: envoy-gateway, kubescape, kube-arangodb, rancher-fleet, teleport, velero, kots, kubevela, linkerd2, cri-tools, kubeflow-pipelines, docker-cli-buildx, falcoctl, datadog-agent, argocd-image-updater, headlamp, kubernetes-dashboard-api, istio, cert-manager-istio-csr,...
CVE-2026-34986 vulnerabilities
Vulnerabilities for packages: kaniko, rekor, gitlab-kas-fips, percona-server-mongodb-operator, tkn, envoy-gateway-fips, kubeflow-pipelines, oauth2-proxy, commercial-chainloop-cli, packer-fips, spire-controller-manager, commercial-grafana, gcsfuse, crossplane, seaweedfs-operator-fips,...
CVE-2026-32285 vulnerabilities
Vulnerabilities for packages: lazygit, teleport, kubevela, witness, cri-tools, opentelemetry-collector, datadog-agent, prometheus, terraform-mcp-server, nuclei, redpanda, dagger, eksctl, grafana-alloy, grafana, tempo, malcontent, gitlab-runner, dgraph, k8sgpt, loki, terragrunt, weaviate, nfpm,...
CVE-2026-22806
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...