VYPR
Vendor

Karmada Io

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2024-33396HigMay 2, 2024
    risk 0.55cvss 8.4epss 0.00

    An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

  • CVE-2025-62714HigOct 24, 2025
    risk 0.50cvss epss 0.01

    Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret,…

  • CVE-2024-56513HigJan 3, 2025
    risk 0.50cvss epss 0.00

    Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the `karmadactl register` command have excessive privileges to access…

  • CVE-2024-56514MedJan 3, 2025
    risk 0.28cvss epss 0.01

    Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTP(s) URL to…