1063 matches found
GHSA-WR3J-PWJ9-HQQ6 vulnerabilities
Vulnerabilities for packages: argo-workflows...
GHSA-CWPG-QGC6-JXVQ vulnerabilities
Vulnerabilities for packages: newrelic-fluent-bit-output, argo-workflows...
CVE-2024-9096 Improper Authorization in lunary-ai/lunary
In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. The route lacks proper access control, such as middleware to ensure that only authorized users (e.g., project owners or admins) can modify checklist data. This...
CVE-2025-29786 vulnerabilities
Vulnerabilities for packages: nats, opentelemetry-collector, tempo, opentelemetry-collector-contrib, argo-cd, argo-rollouts, k8sgpt, grafana-alloy, amazon-cloudwatch-agent, kargo, splunk-otel-collector, kubeflow-pipelines, coredns, argo-workflows...
GHSA-93MQ-9FFX-83M2 vulnerabilities
Vulnerabilities for packages: nats, opentelemetry-collector, tempo, opentelemetry-collector-contrib, argo-cd, argo-rollouts, k8sgpt, grafana-alloy, amazon-cloudwatch-agent, kargo, splunk-otel-collector, kubeflow-pipelines, coredns, argo-workflows...
GHSA-93MQ-9FFX-83M2 vulnerabilities
Vulnerabilities for packages: tempo-fips, opentelemetry-collector-fips, grafana-alloy-fips, elastic-agent-fips, kubeflow-pipelines, argo-cd, eks-distro, opentelemetry-collector-contrib-fips, argo-rollouts-fips, keda-fips, k8sgpt, opentelemetry-collector-contrib, keda, coredns-fips, nats,...
From Vulnerability Scanning to Risk Management: The Complete VMDR Advantage
What if your vulnerability management tool did more than just scan and instead helped you take control of cyber risks across your business? CISA defines “vulnerability management” as the process by which organizations identify, analyze, and manage vulnerabilities in a critical service’s operating...
GHSA-67MH-4WV8-2F99 vulnerabilities
Vulnerabilities for packages: vitess, vite, argo-workflows...
CVE-2022-29164
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces an HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...
CVE-2022-39395
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...
CVE-2022-39326
kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...
CVE-2024-27920
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on a simple YAML-based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...
Building Effective Agents with Spring AI (Part 1)
In a recent research publication, "Building effective agents", Anthropic shared valuable insights about building effective Large Language Model (LLM) agents. What makes this research particularly interesting is its emphasis on simplicity and composability over complex frameworks. Let's explore how...
CVE-2025-21614 vulnerabilities
Vulnerabilities for packages: src-fingerprint-fips, trivy-fips, kyverno, apko, melange, trivy, dagger, datadog-agent, gitea-fips, goreleaser, grafana-alloy-fips, nuclei, datadog-agent-fips, tfsec, flux-image-automation-controller-fips, zot, tekton-pipelines, nemo, go-licenses, scorecard, pulumi,...
Sensitive Information Exposure
github.com/argoproj/argo-workflows/v3 is vulnerable to a Sensitive Information Exposure. The vulnerability is due to the absence of proper authentication checks in the GET Workflow endpoint when retrieving Archived Workflows. Specifically, when using --auth-mode=client, fake or spoofed tokens can...
SUSE CVE-2024-53862
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...
GHSA-RHX6-C78J-4Q9W vulnerabilities
Vulnerabilities for packages: grafana-image-renderer, sqlpad, kubeflow-centraldashboard, tileserver-gl, kubeflow-pipelines, thingsboard, argo-workflows, tileserver-gl-fips...
CVE-2024-54675
app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow...