China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan
A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial...
W&B Weave Server - Remote Arbitrary File Leak
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...
Missing Encryption of Sensitive Data
Overview: github.com/rancher/rancher/pkg/controllers/management/node is a complete container management platform. Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the cluster creation using RKE templates with Weave CNI, where the WEAVEPASSWORD is not set,...
Rancher's weave CNI password is not configured when a cluster is created from an RKE template
Impact: This vulnerability only affects customers using Weave CNI (Container Network Interface) when configured through RKE templates. A flaw was discovered in Rancher versions from 2.5.0 up to and including 2.5.13 and from 2.6.0 up to and including 2.6.4, where a UI (user interface) issue with RKE...
GHSA-VRPH-M5JJ-C46C Rancher's weave CNI password is not configured when a cluster is created from an RKE template
Impact: This vulnerability only affects customers using Weave CNI (Container Network Interface) when configured through RKE templates. A flaw was discovered in Rancher versions from 2.5.0 up to and including 2.5.13 and from 2.6.0 up to and including 2.6.4, where a UI (user interface) issue with RKE...
CVE-2022-38790
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...
CVE-2022-23509
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-31098
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of...
EUVD-2020-18852
Malware in sbrugna...
EUVD-2019-14643
Malware in sbrugna...
EUVD-2021-0955
Malware in sbrugna...
EUVD-2020-23136
Malware in sbrugna...
EUVD-2019-14642
Malware in sbrugna...
EUVD-2019-14645
Malware in sbrugna...
EUVD-2019-14641
Malware in sbrugna...
EUVD-2019-14650
Malware in sbrugna...
EUVD-2023-0577
Malicious code in bioql PyPI...
EUVD-2023-1979
Malicious code in bioql PyPI...
EUVD-2022-41353
Malicious code in bioql PyPI...
EUVD-2023-0403
Malicious code in bioql PyPI...