74 matches found
CVE-2026-29064
Zarf (Airgap Native Packager Manager for Kubernetes) is affected by a path traversal vulnerability in archive extraction from versions 0.54.0 up to before 0.73.1. The issue arises because symlink targets are not validated against the destination directory, enabling a package to create symlinks th...
Zarf path traversal vulnerability
Zarf is an open-source software delivery tool for air-gapped (offline) Kubernetes environments, developed by zarf-dev. Zarf versions from 0.54.0 up to, but not including, 0.73.1 contain a path traversal vulnerability. The flaw stems from path traversal during archive extraction (symlink targets are not validated against the destination directory), which could lead to arbitrary file readi...
PT-2026-23725
Name of the Vulnerable Software and Affected Versions: Zarf versions 0.54.0 through 0.73.0. Description: Zarf, an Airgap Native Packager Manager for Kubernetes, contains a path traversal flaw in its archive extraction process. A specially designed Zarf package can create symbolic links that point to...
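The three entries above (CVE-2026-29064, the translated advisory and PT-2026-23725) describe one bug class: an archive extractor that checks entry names lexically but never validates where a symlink entry points, so a later entry written through that link lands outside the destination directory. The Go program below is an added illustration written for this page; it is not Zarf's code and not Zarf's fix. It builds a constructed tar stream containing a symlink to ../outside followed by a regular file under that link, extracts it once without and once with a symlink-target check, and reports whether the file escaped. The names buildMaliciousPackage, insideDest, validateSymlink, extract and demo are this example's own, and the check shown (reject absolute targets, resolve a relative target against the link's parent directory, require the result to stay under the destination) is the general pattern for this bug class, not a description of the actual Zarf patch.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// buildMaliciousPackage returns a constructed tar stream (not a real Zarf package): a symlink
// "link" -> "../outside", then a regular file whose path goes through that link.
func buildMaliciousPackage() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	must(tw.WriteHeader(&tar.Header{Typeflag: tar.TypeSymlink, Name: "link", Linkname: "../outside", Mode: 0o777}))
	payload := []byte("owned\n")
	must(tw.WriteHeader(&tar.Header{Typeflag: tar.TypeReg, Name: "link/payload.txt", Mode: 0o644, Size: int64(len(payload))}))
	tw.Write(payload) // a short write here would surface as an error from Close
	must(tw.Close())
	return buf.Bytes()
}

// insideDest reports whether the cleaned path p is dest itself or below it.
func insideDest(dest, p string) bool {
	rel, err := filepath.Rel(dest, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(os.PathSeparator))
}

// validateSymlink is the missing check: the target must be relative and, resolved against
// the link's own parent directory, must stay under dest.
func validateSymlink(dest, name, target string) error {
	resolved := filepath.Join(filepath.Dir(filepath.Join(dest, name)), target)
	if filepath.IsAbs(target) || !insideDest(dest, resolved) {
		return fmt.Errorf("symlink %q: target %q is absolute or escapes %q", name, target, dest)
	}
	return nil
}

// extract unpacks pkg into dest; entry names are always checked lexically, symlink targets only when validateLinks is true.
func extract(pkg []byte, dest string, validateLinks bool) error {
	tr := tar.NewReader(bytes.NewReader(pkg))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		} else if err != nil {
			return err
		}
		target := filepath.Join(dest, hdr.Name)
		if !insideDest(dest, target) {
			return fmt.Errorf("entry %q escapes %q", hdr.Name, dest)
		}
		switch hdr.Typeflag {
		case tar.TypeSymlink:
			if err := validateSymlink(dest, hdr.Name, hdr.Linkname); validateLinks && err != nil {
				return err
			}
			if err := os.Symlink(hdr.Linkname, target); err != nil {
				return err
			}
		case tar.TypeReg:
			body, err := io.ReadAll(tr) // buffered for brevity; stream in a real extractor
			if err != nil {
				return err
			}
			// If a parent of target is an unchecked symlink, WriteFile follows it out of dest.
			if err := os.WriteFile(target, body, os.FileMode(hdr.Mode)); err != nil {
				return err
			}
		}
	}
}

// demo extracts into <tmp>/pkg with <tmp>/outside standing in for a directory outside the package; reports whether payload.txt landed there.
func demo(validateLinks bool) (escaped bool, extractErr error) {
	root, err := os.MkdirTemp("", "symlink-traversal-demo")
	must(err)
	defer os.RemoveAll(root)
	outside, dest := filepath.Join(root, "outside"), filepath.Join(root, "pkg")
	must(os.MkdirAll(outside, 0o755))
	must(os.MkdirAll(dest, 0o755))
	extractErr = extract(buildMaliciousPackage(), dest, validateLinks)
	_, statErr := os.Stat(filepath.Join(outside, "payload.txt"))
	return statErr == nil, extractErr
}

func main() {
	fmt.Println(demo(false)) // true <nil>: the payload landed outside dest
	fmt.Println(demo(true))  // false + error: the symlink was rejected, nothing written
}
```

The unvalidated run shows why checking only hdr.Name is not enough: both entry names in the constructed package are inside dest lexically, and the escape happens when the kernel follows the earlier symlink during the file write. The lexical target check assumes the destination contains no symlinks that predate the extraction; links added by the archive itself are covered because each is validated before it is created. If the destination may already contain links, or another process can modify it during extraction, resolve each entry's parent directory with filepath.EvalSymlinks and re-check it against dest before opening the file, or extract into a freshly created directory.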
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: zot, jaeger-operator, skaffold, kyverno-fips, op-geth, spicedb-fips, docker-cli-buildx, keda-fips, harbor-fips, azuredisk-csi-fips, opencost-fips, kubescape-server-fips, syft, tekton-chains-fips, fulcio-fips, trillian, pulumi-kubernetes-operator,...
CVE-2025-8959 vulnerabilities
Vulnerabilities for packages: xeol, trivy-operator, grype, steampipe, k9s, opentofu, zot, tfsec, zarf, kots, terraform, kubescape, rancher-fleet, tflint, wolfictl, syft, conftest, snyk-cli, terragrunt, trivy...
GHSA-WJRX-6529-HCJ3 vulnerabilities
Vulnerabilities for packages: xeol, trivy-operator, grype, steampipe, k9s, opentofu, zot, tfsec, zarf, kots, terraform, kubescape, rancher-fleet, tflint, wolfictl, syft, conftest, snyk-cli, terragrunt, trivy...
CVE-2025-8959 vulnerabilities
Vulnerabilities for packages: zot, conftest-fips, grype, trivy-fips, tflint, rancher-fleet, terraform, chainctl, opentofu, grype-fips, opentofu-fips, rancher-fleet-fips, zarf, terraform-fips, conftest, cloudbeat-fips, cloudbeat, kots, trivy-operator, xeol-fips, terragrunt, snyk-cli, grype-db,...
GHSA-WJRX-6529-HCJ3 vulnerabilities
Vulnerabilities for packages: zot, conftest-fips, grype, trivy-fips, tflint, rancher-fleet, terraform, chainctl, opentofu, grype-fips, opentofu-fips, rancher-fleet-fips, zarf, terraform-fips, conftest, cloudbeat-fips, cloudbeat, kots, trivy-operator, xeol-fips, terragrunt, snyk-cli, grype-db,...
GHSA-265R-HFXG-FHMG vulnerabilities
Vulnerabilities for packages: docker-compose, xeol, cluster-api-helm-controller, neuvector-scanner, nerdctl, grype, melange, datadog-agent, k8sgpt, kargo, kaniko, linkerd2, fuse-overlayfs-snapshotter, zot, cilium-cli, eksctl, skaffold, chartmuseum, helm, k3s, spegel, zarf, osv-scanner, kots,...
MAL-2024-12066 Malicious code in zarf-ui (npm)
Source: ghsa-malware 8697bcf4cd06bebdca6e5806069048fc48ce173a5deb372b5992e95df3e0103a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zarf-ui (npm)
Source: ghsa-malware 8697bcf4cd06bebdca6e5806069048fc48ce173a5deb372b5992e95df3e0103a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-8260 vulnerabilities
Vulnerabilities for packages: spire-server, zot, conftest-fips, k8sgpt, kyverno, gatekeeper-fips, zarf, spire-server-fips, opa, conftest, kots, kyverno-fips, cosign, snyk-cli, datadog-agent-fips, kubescape, datadog-agent, policy-controller, cosign-fips, tfsec, policy-controller-fips, gatekeeper...
CVE-2024-8260 vulnerabilities
Vulnerabilities for packages: conftest, snyk-cli, zot, kubescape, policy-controller, tfsec, cosign, zarf, datadog-agent, opa, k8sgpt, kots, spire-server...
GHSA-XFHP-JF8P-MH5W vulnerabilities
Vulnerabilities for packages: zot, conftest-fips, grype, trivy-fips, tflint, terraform, opentofu, zarf, conftest, kots, terragrunt, snyk-cli, datadog-agent-fips, kubescape, k9s, datadog-agent, wolfictl, trivy, tfsec...
GHSA-XFHP-JF8P-MH5W vulnerabilities
Vulnerabilities for packages: conftest, terraform, snyk-cli, zot, kubescape, tfsec, terragrunt, grype, trivy, datadog-agent, tflint, zarf, kots, wolfictl, k9s...
CVE-2024-6257 vulnerabilities
Vulnerabilities for packages: zot, conftest-fips, grype, trivy-fips, tflint, terraform, opentofu, zarf, conftest, kots, terragrunt, snyk-cli, datadog-agent-fips, kubescape, k9s, datadog-agent, wolfictl, trivy, tfsec...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: druid, falcoctl, flux-kustomize-controller, sops, trino, bank-vaults, flyte, cosign, hugo-extended, opentelemetry-collector, datadog-agent, grafana-mimir, k8sgpt, external-secrets-operator, grafana-agent-operator, flux-image-reflector-controller, step-ca, rook, corte...
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: apko, falcoctl, slsa-verifier, vexctl, ko, melange, zot, goreleaser, skaffold, zarf, neuvector-sigstore-interface, tkn, flux-source-controller, gitsign, tekton-chains, aactl, kubescape, wolfictl, falco, policy-controller, spire-server...
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: spire-server, zot, ko-fips, tkn-fips, skaffold, slsa-verifier, tekton-chains, tkn, ko, apko, flux-source-controller, chainctl, zarf, falcoctl-fips, spire-server-fips, falcoctl, neuvector-sigstore-interface, aactl, falco, melange, vexctl, kubescape, wolfictl, gitsign,...
GHSA-88JX-383Q-W4QC vulnerabilities
Vulnerabilities for packages: apko, falcoctl, slsa-verifier, vexctl, ko, melange, zot, goreleaser, skaffold, zarf, neuvector-sigstore-interface, tkn, flux-source-controller, gitsign, tekton-chains, aactl, kubescape, wolfictl, falco, policy-controller, spire-server...