Skip to main content

Kubernetes

603 CVEs product

Monthly

CVE-2025-46342 Go HIGH POC PATCH This Week

Kyverno is a policy engine designed for cloud native platform engineering teams. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Kubernetes Authentication Bypass Kyverno Suse
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2025-46599 Go MEDIUM PATCH This Month

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2025-32963 Go MEDIUM PATCH This Month

MinIO Operator STS is a native IAM Authentication for Kubernetes. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-22021 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Kubernetes Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-32445 Go CRITICAL PATCH Act Now

Argo Events is an event-driven workflow automation framework for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Privilege Escalation Red Hat Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2025-32387 Go MEDIUM PATCH This Month

Helm is a package manager for Charts for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Kubernetes Stack Overflow Helm Red Hat +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-24375 MEDIUM This Month

Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-2842 Go MEDIUM PATCH This Month

Tempo Operator incorrectly grants cluster-monitoring-view ClusterRole permissions to Tempo service accounts when Jaeger UI Monitor Tab is enabled, allowing authenticated users with TempoStack creation and Secret read permissions in a namespace to extract the service account token and gain unauthorized access to all cluster metrics. The vulnerability affects Grafana Tempo Operator and carries a CVSS score of 4.3 with low EPSS exploitation probability (0.21%, 44th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Grafana Kubernetes Docker Privilege Escalation Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2786 Go MEDIUM PATCH This Month

Tempo Operator creates overly-permissive ServiceAccount, ClusterRole, and ClusterRoleBinding resources that allow authenticated namespace users to extract the ServiceAccount token and abuse TokenReview and SubjectAccessReview APIs to enumerate other users' RBAC permissions, facilitating reconnaissance for follow-up attacks. While not enabling privilege escalation or impersonation directly, this information disclosure (CWE-200) under low complexity attack conditions affects any organization running Grafana Tempo Operator in multi-tenant or untrusted Kubernetes environments where namespace isolation is relied upon for security boundaries. EPSS exploitation probability is 0.21% (low), no public exploit code has been identified, and upstream remediation via GitHub PR #1145 has been made available by the Grafana Tempo Operator project.

Kubernetes Information Disclosure Docker
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-27095 MEDIUM POC This Month

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Jumpserver
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2787 HIGH This Week

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Nginx Kubernetes Business Hub
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-24514 Go HIGH POC PATCH THREAT CERT-EU Act Now

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
23.0%
Threat
4.0
CVE-2025-24513 Go MEDIUM PATCH This Month

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nginx Kubernetes Path Traversal Denial Of Service Red Hat +1
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-1974 Go CRITICAL POC PATCH THREAT CERT-EU Act Now

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access to achieve arbitrary code execution in the controller context. Dubbed 'IngressNightmare', this flaw exposes cluster Secrets including TLS certificates and service account tokens accessible to the ingress controller.

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
90.3%
Threat
6.2
CVE-2025-1098 Go HIGH POC PATCH THREAT CERT-EU Act Now

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare).

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
49.9%
Threat
4.8
CVE-2025-1097 Go HIGH POC PATCH THREAT CERT-EU Act Now

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Nginx RCE Kubernetes Red Hat Suse
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
20.8%
CVE-2025-29778 Go MEDIUM POC PATCH This Month

Kyverno is a policy engine designed for cloud native platform engineering teams. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Kubernetes Kyverno Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2024-53349 HIGH This Week

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Privilege Escalation Kuadrant
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-29922 Go CRITICAL PATCH Act Now

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Suse
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-7598 Go LOW Monitor

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Race Condition Kubernetes
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-29781 Go MEDIUM PATCH This Month

The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2241 Go HIGH PATCH This Week

A credential exposure vulnerability in Red Hat Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM), allows VCenter credentials to leak into ClusterProvision objects after VSphere cluster provisioning. Users with read access to ClusterProvision objects can extract these credentials without needing direct Kubernetes Secret access, enabling unauthorized VCenter access, cluster manipulation, and privilege escalation. With an EPSS score of 0.13% (32nd percentile), active exploitation is currently assessed as low probability, and no public exploits have been reported.

Red Hat Kubernetes Information Disclosure Privilege Escalation Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-1767 Go MEDIUM PATCH This Month

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27403 Go PATCH This Week

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure ...

Kubernetes
NVD GitHub
EPSS
0.2%
CVE-2025-25294 Go MEDIUM PATCH This Month

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Kubernetes Gateway Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-0426 Go MEDIUM PATCH This Month

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-1146 HIGH This Week

CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Kubernetes Windows
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-26492 HIGH This Week

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes Teamcity
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-24319 HIGH This Week

When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Big Ip Next Central Manager
NVD
CVSS 4.0
7.1
EPSS
0.8%
CVE-2025-24784 Go MEDIUM PATCH Monitor

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24376 Go MEDIUM PATCH This Month

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23216 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kubernetes Argo Cd Red Hat Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-24884 Go MEDIUM PATCH This Month

kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-24030 Go HIGH PATCH This Month

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Path Traversal Kubernetes Gateway Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-23047 Go MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kubernetes Cilium Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-23028 Go MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Kubernetes Denial Of Service Cilium Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-12226 MEDIUM This Month

In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-56514 Go MEDIUM PATCH This Month

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Suse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-56513 Go HIGH PATCH This Month

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-12582 HIGH This Week

A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubernetes
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-11274 HIGH POC This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Open Redirect Kubernetes
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-53862 Go MEDIUM POC PATCH This Month

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kubernetes Argo Workflows
NVD GitHub
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-10220 Go HIGH PATCH This Week

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Kubernetes
NVD GitHub
CVSS 3.1
8.1
EPSS
3.0%
CVE-2024-53095 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Kubernetes Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-9693 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Kubernetes
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-45794 Go HIGH POC PATCH This Week

devtron is an open source tool integration platform for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Kubernetes Devtron
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-48921 Go HIGH POC PATCH This Week

Kyverno is a policy engine designed for Kubernetes. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kubernetes Kyverno
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-47827 Go MEDIUM PATCH This Month

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Rated medium severity (CVSS 4.8).

Race Condition Kubernetes Denial Of Service Argo Workflows
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-9594 Go HIGH PATCH This Week

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Kubernetes Image Builder
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-9486 Go CRITICAL PATCH Act Now

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Kubernetes Image Builder
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-7558 Go HIGH POC PATCH This Week

JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kubernetes Juju
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-6840 MEDIUM This Month

An improper authorization flaw exists in the Ansible Automation Controller. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Privilege Escalation Kubernetes
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2024-45041 Go HIGH PATCH This Week

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes External Secrets Operator
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-43803 Go MEDIUM PATCH This Month

The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-43403 Go HIGH This Week

Kanister is a data protection workflow management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-42363 HIGH This Week

Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-39690 Go HIGH POC PATCH This Week

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kubernetes Capsule
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7646 Go HIGH This Week

A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nginx Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
27.0%
CVE-2024-42480 Go CRITICAL POC PATCH Act Now

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kubernetes Kamaji
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-7557 HIGH This Week

A critical authentication bypass vulnerability exists in Red Hat OpenShift AI/OpenShift Data Science that allows attackers to escalate privileges and access multiple AI models within the same namespace using credentials from any single authenticated model. The vulnerability stems from ServiceAccount tokens being exposed in the UI, which can be exploited to gain unauthorized access to other models and APIs in the namespace with elevated view privileges. With an EPSS score of 0.10% and no current KEV listing, the vulnerability has relatively low real-world exploitation activity despite its high CVSS score of 8.8.

Authentication Bypass Privilege Escalation Information Disclosure Kubernetes Red Hat
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-36111 MEDIUM This Month

KubePi is a K8s panel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes
NVD GitHub
CVSS 3.1
6.3
EPSS
8.4%
CVE-2024-41666 Go MEDIUM POC PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-40634 Go HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-41129 PyPI MEDIUM PATCH This Month

The ops library is a Python framework for developing and testing Kubernetes and machine charms. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-5321 Go MEDIUM PATCH This Month

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Microsoft
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-40629 CRITICAL Act Now

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Kubernetes Jumpserver
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-40628 CRITICAL Act Now

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Kubernetes Jumpserver
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-40632 Go LOW PATCH Monitor

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Kubernetes
NVD GitHub
CVSS 3.1
3.7
EPSS
0.4%
CVE-2024-22263 HIGH This Week

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes File Upload
NVD
CVSS 3.1
8.8
EPSS
17.5%
CVE-2024-37152 Go HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-36106 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-35182 Go HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-35181 Go HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-31989 Go CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Redis Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
9.0
EPSS
1.5%
CVE-2024-31216 Go MEDIUM PATCH This Month

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Microsoft
NVD GitHub
CVSS 3.1
5.1
EPSS
0.2%
CVE-2024-32476 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-33522 Go MEDIUM PATCH This Month

In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-3177 Go LOW PATCH Monitor

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes
NVD GitHub
CVSS 3.1
2.7
EPSS
2.2%
CVE-2024-31990 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-31391 Go MEDIUM PATCH This Month

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator.3.0 through 0.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Kubernetes Solr Operator
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-29990 CRITICAL Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Kubernetes Microsoft Azure Kubernetes Service Confidential Containers
NVD
CVSS 3.1
9.0
EPSS
18.0%
CVE-2024-28917 MEDIUM This Month

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Microsoft Azure Arc Extension Microsoft Azstackhci Operator Azure Arc Extension Microsoft Azure Hybridnetwork +5
NVD
CVSS 3.1
6.2
EPSS
0.9%
CVE-2024-25699 HIGH This Week

There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Kubernetes Microsoft Portal For Arcgis Arcgis Enterprise
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-29893 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-29031 Go HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-29037 CRITICAL Act Now

datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Datahub Helm
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-21662 Go CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-21661 Go HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Kubernetes Denial Of Service Memory Corruption Argo Cd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-21652 Go CRITICAL PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28175 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Kyverno is a policy engine designed for cloud native platform engineering teams. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Kubernetes Authentication Bypass Kyverno +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

MinIO Operator STS is a native IAM Authentication for Kubernetes. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Kubernetes +3
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Argo Events is an event-driven workflow automation framework for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Privilege Escalation Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Helm is a package manager for Charts for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Kubernetes Stack Overflow +3
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Kubernetes
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Tempo Operator incorrectly grants cluster-monitoring-view ClusterRole permissions to Tempo service accounts when Jaeger UI Monitor Tab is enabled, allowing authenticated users with TempoStack creation and Secret read permissions in a namespace to extract the service account token and gain unauthorized access to all cluster metrics. The vulnerability affects Grafana Tempo Operator and carries a CVSS score of 4.3 with low EPSS exploitation probability (0.21%, 44th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Grafana Kubernetes Docker +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Tempo Operator creates overly-permissive ServiceAccount, ClusterRole, and ClusterRoleBinding resources that allow authenticated namespace users to extract the ServiceAccount token and abuse TokenReview and SubjectAccessReview APIs to enumerate other users' RBAC permissions, facilitating reconnaissance for follow-up attacks. While not enabling privilege escalation or impersonation directly, this information disclosure (CWE-200) under low complexity attack conditions affects any organization running Grafana Tempo Operator in multi-tenant or untrusted Kubernetes environments where namespace isolation is relied upon for security boundaries. EPSS exploitation probability is 0.21% (low), no public exploit code has been identified, and upstream remediation via GitHub PR #1145 has been made available by the Grafana Tempo Operator project.

Kubernetes Information Disclosure Docker
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Jumpserver
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Nginx +2
NVD
EPSS 23% 4.0 CVSS 8.8
HIGH POC PATCH THREAT Act Now

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Nginx RCE Kubernetes +2
NVD GitHub Exploit-DB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nginx Kubernetes Path Traversal +3
NVD GitHub
EPSS 90% 6.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access to achieve arbitrary code execution in the controller context. Dubbed 'IngressNightmare', this flaw exposes cluster Secrets including TLS certificates and service account tokens accessible to the ingress controller.

Nginx RCE Kubernetes +2
NVD GitHub Exploit-DB
EPSS 50% 4.8 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare).

Nginx RCE Kubernetes +2
NVD GitHub Exploit-DB
EPSS 21% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Nginx RCE Kubernetes +2
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Kyverno is a policy engine designed for cloud native platform engineering teams. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Kubernetes Kyverno +1
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Privilege Escalation Kuadrant
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Suse
NVD GitHub
EPSS 0% CVSS 3.1
LOW Monitor

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Race Condition Kubernetes
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

A credential exposure vulnerability in Red Hat Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM), allows VCenter credentials to leak into ClusterProvision objects after VSphere cluster provisioning. Users with read access to ClusterProvision objects can extract these credentials without needing direct Kubernetes Secret access, enabling unauthorized VCenter access, cluster manipulation, and privilege escalation. With an EPSS score of 0.13% (32nd percentile), active exploitation is currently assessed as low probability, and no public exploits have been reported.

Red Hat Kubernetes Information Disclosure +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Red Hat +1
NVD GitHub
EPSS 0%
PATCH This Week

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure ...

Kubernetes
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Kubernetes Gateway +2
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Kubernetes +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes Teamcity
NVD
EPSS 1% CVSS 7.1
HIGH This Week

When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Big Ip Next Central Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kubernetes Argo Cd +2
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kubernetes +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Month

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Path Traversal Kubernetes Gateway +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Kubernetes Cilium +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Kubernetes Denial Of Service Cilium +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Suse
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Month

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubernetes
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Open Redirect Kubernetes
NVD
EPSS 1% CVSS 6.3
MEDIUM POC PATCH This Month

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kubernetes Argo Workflows
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Kubernetes
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Kubernetes Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Kubernetes
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

devtron is an open source tool integration platform for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Kubernetes Devtron
NVD GitHub
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

Kyverno is a policy engine designed for Kubernetes. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kubernetes Kyverno
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Rated medium severity (CVSS 4.8).

Race Condition Kubernetes Denial Of Service +1
NVD GitHub
EPSS 2% CVSS 8.1
HIGH PATCH This Week

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Kubernetes Image Builder
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Kubernetes Image Builder
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC PATCH This Week

JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kubernetes Juju
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

An improper authorization flaw exists in the Ansible Automation Controller. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Privilege Escalation Kubernetes
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes External Secrets Operator
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Kanister is a data protection workflow management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Kubernetes
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kubernetes Capsule
NVD GitHub
EPSS 27% CVSS 8.8
HIGH This Week

A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nginx Kubernetes
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL POC PATCH Act Now

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kubernetes Kamaji
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A critical authentication bypass vulnerability exists in Red Hat OpenShift AI/OpenShift Data Science that allows attackers to escalate privileges and access multiple AI models within the same namespace using credentials from any single authenticated model. The vulnerability stems from ServiceAccount tokens being exposed in the UI, which can be exploited to gain unauthorized access to other models and APIs in the namespace with elevated view privileges. With an EPSS score of 0.10% and no current KEV listing, the vulnerability has relatively low real-world exploitation activity despite its high CVSS score of 8.8.

Authentication Bypass Privilege Escalation Information Disclosure +2
NVD GitHub
EPSS 8% CVSS 6.3
MEDIUM This Month

KubePi is a K8s panel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Kubernetes Argo Cd
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The ops library is a Python framework for developing and testing Kubernetes and machine charms. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Kubernetes
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Microsoft
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Kubernetes +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Kubernetes +1
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Kubernetes
NVD GitHub
EPSS 18% CVSS 8.8
HIGH This Week

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes File Upload
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Kubernetes Argo Cd
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Argo Cd
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Redis Kubernetes +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Microsoft
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes
NVD GitHub
EPSS 2% CVSS 2.7
LOW PATCH Monitor

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Kubernetes Argo Cd
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator.3.0 through 0.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Kubernetes +1
NVD
EPSS 18% CVSS 9.0
CRITICAL Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Kubernetes Microsoft +1
NVD
EPSS 1% CVSS 6.2
MEDIUM This Month

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Microsoft +7
NVD
EPSS 1% CVSS 8.5
HIGH This Week

There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Kubernetes Microsoft +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Datahub Helm
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Kubernetes Argo Cd
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Kubernetes Denial Of Service +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kubernetes Argo Cd
NVD GitHub
Prev Page 4 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy