CVE Database

Stay on top of your Kubernetes security with the most comprehensive Kubernetes-related CVE database

CUPS: Unraveling a Critical Vulnerability Chain in Unix Printing Systems

A series of critical vulnerabilities has been uncovered in the Common Unix Printing System (CUPS), specifically in the cups-browsed component and related libraries. This vulnerability chain allows remote, unauthenticated attackers to potentially execute arbitrary code with root privileges on affected systems...

9.9

CVE-2024-7646
Ingress-NGINX Annotation Validation Bypass

A Kubernetes vulnerability that demands immediate attention from security professionals and DevOps teams. CVE-2024-7646 affects the popular ingress-nginx controller and allows malicious actors to bypass annotation validation and potentially gain unauthorized access to sensitive cluster resources...

8.8

XZ vulnerability
CVE-2024-3094

March 29, 2024 - Red Hat disclosed CVE-2024-3094 (a.k.a. the XZ vulnerability), scoring a critical CVSS rating of 10. Stemming from a supply chain compromise, it affects the latest iterations of XZ tools and libraries. The CVE was identified by a software engineer following the discovery of...

10

3 new NGINX ingress controller vulnerabilities
CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886

Oct 27, 2023 - Three security issues were reported by the Kubernetes security community, all of them related to the popular NGINX ingress component. CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by an attacker to steal secret credentials from the cluster.

8.8

Kubelet vulnerabilities on Windows nodes
CVE-2023-3676, CVE-2023-3955 and CVE-2023-3893

Aug 23, 2023 - The Kubernetes Security Response Committee disclosed three interrelated vulnerabilities affecting the Windows versions of Kubelet and the Kubernetes CSI proxy. These vulnerabilities pose a significant risk, allowing even users with limited permissions to escalate...

8.8

Kyverno’s container image signature verification can be bypassed
CVE-2022-47633

Dec 21, 2022 - The vulnerability enables an attacker who is either running a malicious container image registry or able to act as a proxy between the registry and Kyverno to inject unsigned images into the protected cluster, bypassing the image verification policy.

8.1