Lucene search
K

29 matches found

Chainguard
Chainguard
added 2026/07/02 2:16 p.m.13 views

GHSA-8XWF-RJM4-XVHV vulnerabilities

Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.10 views

CVE-2026-48978 vulnerabilities

Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.12 views

GHSA-XF85-363P-868W vulnerabilities

Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.10 views

CVE-2026-50162 vulnerabilities

Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.11 views

GHSA-VH4V-2XQ2-G5CG vulnerabilities

Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.16 views

GHSA-JXPM-75MH-9FP7 vulnerabilities

Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.8 views

CVE-2026-50151 vulnerabilities

Vulnerabilities for packages: ratify, argocd-image-updater, kots, kubescape, kube-mgmt, maru, envoy-gateway-fips, helm-push, trivy-operator-fips, steampipe, chaos-mesh, gogatekeeper, crossplane, oras, manifest-tool, chartmuseum-fips, linkerd2, ocm-kubernetes-controller-fips, xeol-fips, jfrog-cli,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/19 2:17 a.m.14 views

CVE-2026-2303 vulnerabilities

Vulnerabilities for packages: ratify, prometheus-mongodb-exporter-fips, tekton-chains, kubescape, bento-fips, prometheus-mongodb-exporter, tetragon, kubeflow-pipelines, tekton-chains-fips, trufflehog-fips, packer-fips, amazon-cloudwatch-agent, trident, percona-backup-mongodb-fips,...

6.9CVSS6.6AI score0.00223EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/19 2:17 a.m.10 views

GHSA-CP6G-7HQX-QXHP vulnerabilities

Vulnerabilities for packages: ratify, prometheus-mongodb-exporter-fips, tekton-chains, kubescape, bento-fips, prometheus-mongodb-exporter, tetragon, kubeflow-pipelines, tekton-chains-fips, trufflehog-fips, packer-fips, amazon-cloudwatch-agent, trident, percona-backup-mongodb-fips,...

6.1AI score
Exploits0
NVD
NVD
added 2026/05/14 3:16 p.m.28 views

CVE-2026-42457

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 2:48 p.m.50 views

CVE-2026-42457 vCluster Platform: Stored XSS can lead to privilege escalation

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS0.00312EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:48 p.m.6 views

CVE-2026-42457

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS6AI score0.00312EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/14 2:48 p.m.43 views

CVE-2026-42457

Affected software: vCluster Platform. Component/issue: Stored XSS via the name field of a templateRef (root cause: stored XSS in templateRef name). Impact: could lead to arbitrary script execution in the platform’s browser context and, in the worst case, privilege escalation by creating a new Glo...

9CVSS6AI score0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-40945

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS6AI score0.00312EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

vCluster Platform 跨站脚本漏洞

vCluster Platform is an open-source virtual cluster manager developed by vCluster. Versions prior to vCluster Platform 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type cross-site scripting in the name field of the...

9CVSS5.8AI score0.00312EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.8 views

CVE-2026-35469 vulnerabilities

Vulnerabilities for packages: envoy-gateway, kubescape, kube-arangodb, rancher-fleet, teleport, velero, kots, kubevela, linkerd2, cri-tools, kubeflow-pipelines, docker-cli-buildx, falcoctl, datadog-agent, argocd-image-updater, headlamp, kubernetes-dashboard-api, istio, cert-manager-istio-csr,...

8.7CVSS6.1AI score0.00656EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.10 views

GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: envoy-gateway, kubescape, kube-arangodb, rancher-fleet, teleport, velero, kots, kubevela, linkerd2, cri-tools, kubeflow-pipelines, docker-cli-buildx, falcoctl, datadog-agent, argocd-image-updater, headlamp, kubernetes-dashboard-api, istio, cert-manager-istio-csr,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/03 7:17 p.m.10 views

CVE-2026-34986 vulnerabilities

Vulnerabilities for packages: kaniko, rekor, gitlab-kas-fips, percona-server-mongodb-operator, tkn, envoy-gateway-fips, kubeflow-pipelines, oauth2-proxy, commercial-chainloop-cli, packer-fips, spire-controller-manager, commercial-grafana, gcsfuse, crossplane, seaweedfs-operator-fips,...

7.5CVSS6.7AI score0.00651EPSS
Exploits0
Wolfi
Wolfi
added 2026/03/31 1:48 p.m.16 views

CVE-2026-32285 vulnerabilities

Vulnerabilities for packages: lazygit, teleport, kubevela, witness, cri-tools, opentelemetry-collector, datadog-agent, prometheus, terraform-mcp-server, nuclei, redpanda, dagger, eksctl, grafana-alloy, grafana, tempo, malcontent, gitlab-runner, dgraph, k8sgpt, loki, terragrunt, weaviate, nfpm,...

7.5CVSS6.7AI score0.0075EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.5 views

CVE-2026-22806

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...

9.1CVSS5.9AI score0.00444EPSS
Exploits0References1
Rows per page
Query Builder