VYPR
Vendor: Kubernetes Sigs

Products: 5
CVEs: 5
Across products: 5
Status: Private

Recent CVEs (5)
  • CVE-2025-53542 | High | Jul 10, 2025
    risk 0.43 | cvss 7.7 | epss 0.01

    Headlamp is an extensible Kubernetes web UI. A command injection vulnerability was discovered in the codeSign.js script used in the macOS packaging workflow of the Kubernetes Headlamp project. This issue arises due to the improper use of Node.js's execSync() function with…

  • CVE-2025-7445 | Medium | Sep 5, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs.

  • CVE-2026-6437 | Medium | Apr 17, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To…

  • CVE-2024-3744 | Medium | May 15, 2024
    risk 0.35 | cvss 6.5 | epss 0.00

    A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens…

  • CVE-2025-48710 | Medium | Jun 4, 2025
    risk 0.20 | cvss 4.1 | epss 0.00

    kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled…