Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

72 matches found

NVD
NVDadded 2026/05/07 6:16 a.m.7 views

CVE-2026-41413

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

7.7CVSS0.00027EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/07 4:18 a.m.5 views

EUVD-2026-28315

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5CVSS5.7AI score0.00027EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/05/07 12:0 a.m.4 views

Istio 代码问题漏洞

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.6 and 1.29.2 have code vulnerabilities. These vulnerabilities arise when creating a RequestAuthentication resource that points to an internal service’s jwksUri, and Istio does not...

7.7CVSS5.9AI score0.00027EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/23 6:44 p.m.1 views

CVE-2026-41246 Contour: Lua code injection via Cookie Path Rewrite Policy

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...

8.1CVSS6.3AI score0.00071EPSS
Exploits0References4
Snyk
Snykadded 2026/04/16 9:38 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00027EPSS
Exploits0References2
Snyk
Snykadded 2026/03/11 12:37 a.m.1 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...

8.7CVSS5.8AI score0.00072EPSS
Exploits0References2
Snyk
Snykadded 2026/03/11 12:37 a.m.0 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...

8.7CVSS5.8AI score0.00072EPSS
Exploits0References2
Snyk
Snykadded 2026/03/11 12:37 a.m.0 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in AuthorizeDebugRequest function, which handles requests to the HTTP debug endpoints on port 15014. An attacker can gain unauthorized access to protected services by sending requests with multiple header values...

6.9CVSS5.8AI score0.00037EPSS
Exploits0References2
OSV
OSVadded 2025/11/17 7:11 p.m.3 views

GO-2025-4094 kgateway is missing xDS authorization in github.com/kgateway-dev/kgateway

kgateway is missing xDS authorization in github.com/kgateway-dev/kgateway...

5.3CVSS6.8AI score0.00018EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2025/11/08 7:41 a.m.2 views

CVE-2025-64323

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

5.3CVSS6.8AI score0.00018EPSS
Exploits0References1
NVD
NVDadded 2025/11/07 4:15 a.m.3 views

CVE-2025-64323

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

5.3CVSS0.00018EPSS
Exploits0References4
CVE
CVEadded 2025/11/07 3:18 a.m.6 views

CVE-2025-64323

kgateway’s xDS interface lacks authentication in affected versions (2.0.4 and earlier, and 2.1.0-agw-cel-rbac through 2.1.0-rc.2). An unauthenticated client with unrestricted network access can retrieve sensitive configuration data from the xDS port (certificate data, backend service information,...

5.3CVSS6.3AI score0.00018EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/11/07 3:18 a.m.4 views

CVE-2025-64323 kgateway is missing xDS authorization

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

5.3CVSS0.00018EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/11/07 3:18 a.m.0 views

CVE-2025-64323 kgateway is missing xDS authorization

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

5.3CVSS6.4AI score0.00018EPSS
Exploits0References4
Snyk
Snykadded 2025/11/04 6:39 p.m.2 views

Missing Authentication

Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...

6CVSS6.5AI score0.00018EPSS
Exploits0References2
Snyk
Snykadded 2025/11/04 6:39 p.m.0 views

Missing Authentication

Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...

6CVSS6.5AI score0.00018EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2009-4360

Malware in sbrugna...

7.5CVSS6.4AI score0.00366EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-58754

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00032EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-58753

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.0015EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-6108

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00059EPSS
Exploits0References2
Rows per page
Query Builder