| 0 |
| url |
VCID-2ej9-nn86-7bet |
| vulnerability_id |
VCID-2ej9-nn86-7bet |
| summary |
Kubernetes kubectl cp Vulnerable to Symlink Attack
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. An attacker could use this to place a nefarious file, via a symlink, outside of the destination tree. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11251 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.87523 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.87521 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.87506 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.8751 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.87514 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.87503 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.87496 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.87452 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.87477 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.87476 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.03448 |
| scoring_system |
epss |
| scoring_elements |
0.87462 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11251 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-11251, GHSA-6qfg-8799-r575
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2ej9-nn86-7bet |
|
| 1 |
| url |
VCID-57ar-astn-b7eu |
| vulnerability_id |
VCID-57ar-astn-b7eu |
| summary |
Kubernetes Unsafe Caching
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by `--cache-dir` (defaulting to `$HOME/.kube/http-cache`), written with world-writeable permissions (`rw-rw-rw-`). If `--cache-dir` is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11244 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.2677 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26614 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26681 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26672 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26729 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26782 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26826 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26865 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26651 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26719 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26774 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26654 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11244 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-11244, GHSA-2575-pghm-6qqx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-57ar-astn-b7eu |
|
| 2 |
| url |
VCID-6nk9-wkwg-ukeh |
| vulnerability_id |
VCID-6nk9-wkwg-ukeh |
| summary |
Information Exposure in Kubernetes
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7528 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58624 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58608 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58602 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58559 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58601 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58623 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58618 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58585 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58605 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.5855 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58579 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58474 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7528 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7528 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2015-7528 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7528, GHSA-mqf3-28j7-3mj6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6nk9-wkwg-ukeh |
|
| 3 |
| url |
VCID-cjth-qqvy-hqhk |
| vulnerability_id |
VCID-cjth-qqvy-hqhk |
| summary |
Kubelet Incorrect Privilege Assignment
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit `runAsUser` attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified `mustRunAsNonRoot: true`, the kubelet will refuse to start the container as root. If the pod did not specify `mustRunAsNonRoot: true`, the kubelet will run the container as uid 0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11245 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.36146 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.36197 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.36213 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.36171 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.36196 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.36233 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.36228 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.3621 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.36098 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.3616 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.36326 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00154 |
| scoring_system |
epss |
| scoring_elements |
0.36293 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11245 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-11245 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.6 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:L/AC:L/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
4.9 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 2 |
| value |
7.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-11245 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-11245, GHSA-r76g-g87f-vw8f
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cjth-qqvy-hqhk |
|
| 4 |
| url |
VCID-dxej-zg13-63ff |
| vulnerability_id |
VCID-dxej-zg13-63ff |
| summary |
Kubernetes did not effectively clear service account credentials
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig(). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11243 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00238 |
| scoring_system |
epss |
| scoring_elements |
0.4699 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00238 |
| scoring_system |
epss |
| scoring_elements |
0.46918 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00238 |
| scoring_system |
epss |
| scoring_elements |
0.46935 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00238 |
| scoring_system |
epss |
| scoring_elements |
0.46882 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00238 |
| scoring_system |
epss |
| scoring_elements |
0.46936 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00238 |
| scoring_system |
epss |
| scoring_elements |
0.46959 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00238 |
| scoring_system |
epss |
| scoring_elements |
0.46932 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00238 |
| scoring_system |
epss |
| scoring_elements |
0.46939 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.00238 |
| scoring_system |
epss |
| scoring_elements |
0.46995 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00238 |
| scoring_system |
epss |
| scoring_elements |
0.46881 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11243 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-11243, GHSA-gc2p-g4fg-29vh
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dxej-zg13-63ff |
|
| 5 |
| url |
VCID-eztq-5cu5-7yfd |
| vulnerability_id |
VCID-eztq-5cu5-7yfd |
| summary |
Kubernetes Arbitrary Command Injection
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.
### Specific Go Packages Affected
k8s.io/kubernetes/pkg/util/mount |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1002101 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74903 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74825 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74827 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74855 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74829 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74861 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74875 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74899 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74878 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74868 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74905 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0085 |
| scoring_system |
epss |
| scoring_elements |
0.74912 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1002101 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1002101, GHSA-wqwf-x5cj-rg56
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eztq-5cu5-7yfd |
|
| 6 |
| url |
VCID-fmcb-kpgu-5fcg |
| vulnerability_id |
VCID-fmcb-kpgu-5fcg |
| summary |
Authorization bypass in OpenShift
OpenShift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-1906 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85461 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85486 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.8549 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85485 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85388 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.854 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.8542 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85423 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85444 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85452 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85467 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.02541 |
| scoring_system |
epss |
| scoring_elements |
0.85465 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-1906 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-1906 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
10.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:C/I:C/A:C |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-1906 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-1906, GHSA-m3fm-h5jp-q79p
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fmcb-kpgu-5fcg |
|
| 7 |
| url |
VCID-humx-y4h8-pbeb |
| vulnerability_id |
VCID-humx-y4h8-pbeb |
| summary |
kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11246 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.80938 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.81035 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.81006 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.80998 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.81036 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.81037 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.80947 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.8097 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.80968 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.80996 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.81003 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.01482 |
| scoring_system |
epss |
| scoring_elements |
0.81019 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11246 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-11246
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-humx-y4h8-pbeb |
|
| 8 |
| url |
VCID-k31a-cbd1-wkh5 |
| vulnerability_id |
VCID-k31a-cbd1-wkh5 |
| summary |
Access Restriction Bypass in kubernetes
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
### Specific Go Packages Affected
github.com/kubernetes/kubernetes/pkg/apiserver |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-1905 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.4651 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46538 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46591 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46594 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46537 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46528 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.4653 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46556 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46472 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46533 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00236 |
| scoring_system |
epss |
| scoring_elements |
0.46478 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-1905 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-1905 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:S/C:N/I:P/A:N |
|
| 1 |
| value |
7.7 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
|
| 2 |
| value |
7.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-1905 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-1905, GHSA-xx8c-m748-xr4j
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k31a-cbd1-wkh5 |
|
| 9 |
| url |
VCID-m3n6-yj6t-y7eq |
| vulnerability_id |
VCID-m3n6-yj6t-y7eq |
| summary |
kubernetes: Incorrect default access permissions for Persistent Volumes |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-1002100 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.5013 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50211 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50235 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50237 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50175 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50203 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50153 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50207 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50201 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50229 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50202 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50191 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-1002100 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-1002100
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m3n6-yj6t-y7eq |
|
| 10 |
| url |
VCID-qpg5-h1k8-yydt |
| vulnerability_id |
VCID-qpg5-h1k8-yydt |
| summary |
Directory Traversal in Kubernetes
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5305 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51735 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51751 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51773 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51724 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51728 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51687 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51761 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51781 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51775 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51673 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51713 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51636 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5305 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5305, GHSA-jp32-vmm6-3vf5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qpg5-h1k8-yydt |
|
| 11 |
| url |
VCID-qxw4-2hry-uuf4 |
| vulnerability_id |
VCID-qxw4-2hry-uuf4 |
| summary |
Kubernetes Improper Input Validation vulnerability
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5528 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.95259 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.95257 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.95254 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.95246 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.95243 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.95242 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.95237 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.95233 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.95226 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.95222 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.18507 |
| scoring_system |
epss |
| scoring_elements |
0.9522 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5528 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-5528, GHSA-hq6q-c2x6-hmch
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qxw4-2hry-uuf4 |
|
| 12 |
| url |
VCID-srhm-91w1-k3h7 |
| vulnerability_id |
VCID-srhm-91w1-k3h7 |
| summary |
kubelet: runAsNonRoot logic bypass for Windows containers |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25749 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11474 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11601 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11523 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1154 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.114 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11659 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11447 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11532 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11592 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11602 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11566 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25749 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-25749
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-srhm-91w1-k3h7 |
|
| 13 |
| url |
VCID-sur2-ewj3-8bgx |
| vulnerability_id |
VCID-sur2-ewj3-8bgx |
| summary |
Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API
A security vulnerability has been discovered in Kubernetes Windows nodes that could allow a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host. This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-9042 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57154 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57131 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57151 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57172 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.5716 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57107 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.5713 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57108 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00345 |
| scoring_system |
epss |
| scoring_elements |
0.57158 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57832 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-9042 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-9042, GHSA-vv39-3w5q-974q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sur2-ewj3-8bgx |
|
| 14 |
| url |
VCID-u8h6-kbws-8fbp |
| vulnerability_id |
VCID-u8h6-kbws-8fbp |
| summary |
Sensitive Information leak via Log File in Kubernetes
In Kubernetes clusters using vSphere as a cloud provider, with a logging level set to 4 or above, vSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8563 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22591 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.2264 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22643 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22627 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22684 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22723 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22705 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22654 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.2257 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22578 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22787 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22743 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8563 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-8563, GHSA-5xfg-wv98-264m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u8h6-kbws-8fbp |
|
| 15 |
| url |
VCID-vctf-a4t5-q7a2 |
| vulnerability_id |
VCID-vctf-a4t5-q7a2 |
| summary |
Unverified Ownership in Kubernetes
The Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8554 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.24784 |
| scoring_system |
epss |
| scoring_elements |
0.96163 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.24784 |
| scoring_system |
epss |
| scoring_elements |
0.96159 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.24784 |
| scoring_system |
epss |
| scoring_elements |
0.9615 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.24784 |
| scoring_system |
epss |
| scoring_elements |
0.96148 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.24784 |
| scoring_system |
epss |
| scoring_elements |
0.96146 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.24784 |
| scoring_system |
epss |
| scoring_elements |
0.96142 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.25265 |
| scoring_system |
epss |
| scoring_elements |
0.96157 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.25265 |
| scoring_system |
epss |
| scoring_elements |
0.96175 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.25265 |
| scoring_system |
epss |
| scoring_elements |
0.96172 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.25265 |
| scoring_system |
epss |
| scoring_elements |
0.96208 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.25265 |
| scoring_system |
epss |
| scoring_elements |
0.96165 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-8554 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-8554, GHSA-j9wf-vvm6-4r9w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vctf-a4t5-q7a2 |
|
| 16 |
| url |
VCID-vj7p-66bc-7yam |
| vulnerability_id |
VCID-vj7p-66bc-7yam |
| summary |
Symlink Attack in kubectl cp
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-1002101 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.97759 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.97765 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.97783 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.97789 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.97792 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.9779 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.97782 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.9778 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.97777 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.97774 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.97769 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.49274 |
| scoring_system |
epss |
| scoring_elements |
0.97767 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-1002101 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-1002101 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:P |
|
| 1 |
| value |
5.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 2 |
| value |
6.4 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-1002101 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-1002101, GHSA-34jx-wx69-9x8v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vj7p-66bc-7yam |
|
| 17 |
| url |
VCID-w9b7-vajk-3kdq |
| vulnerability_id |
VCID-w9b7-vajk-3kdq |
| summary |
Kube-proxy may unintentionally forward traffic
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (`spec.ports[*].port`) as a LoadBalancer Service when the LoadBalancer controller does not set the `status.loadBalancer.ingress[].ip` field. Clusters where the LoadBalancer controller sets the `status.loadBalancer.ingress[].ip` field are unaffected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25736 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23684 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23729 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23846 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23887 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23674 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23744 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23791 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23806 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23762 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23705 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23716 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23706 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25736 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-25736, GHSA-35c7-w35f-xwgh
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w9b7-vajk-3kdq |
|
| 18 |
| url |
VCID-xcss-tfeh-w7a6 |
| vulnerability_id |
VCID-xcss-tfeh-w7a6 |
| summary |
kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11249 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86087 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86166 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86156 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86152 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86169 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86175 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86097 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86113 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86112 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86131 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86143 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.02819 |
| scoring_system |
epss |
| scoring_elements |
0.86157 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-11249 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-11249
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xcss-tfeh-w7a6 |
|
| 19 |
| url |
VCID-zexe-7ywv-cbcf |
| vulnerability_id |
VCID-zexe-7ywv-cbcf |
| summary |
Kubernetes sets incorrect permissions on Windows containers logs
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-5321 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21579 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21609 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21602 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21604 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21661 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.217 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21688 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.2163 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21553 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21802 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21747 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-5321 |
|
| 2 |
| reference_url |
https://github.com/kubernetes/kubernetes |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/kubernetes/kubernetes |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/kubernetes/kubernetes/issues/126161 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T19:30:40Z/ |
|
|
| url |
https://github.com/kubernetes/kubernetes/issues/126161 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-5321, GHSA-82m2-cv7p-4m75
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zexe-7ywv-cbcf |
|