431 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via apiCall. An attacker can gain unauthorized access to sensitive resources and escalate privileges via malicious urlPath values that cause the system to perform Kubernetes API requests outside the...
GHSA-8P9X-46GM-QFX2 Kyverno Cross-Namespace Privilege Escalation via Policy apiCall
Summary A critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with...
CVE-2026-22039
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...
CVE-2026-22039
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...
CVE-2026-22039
Kyverno contains a cross-namespace privilege escalation in the Policy apiCall path for versions prior to 1.16.3 and 1.15.3. The vulnerability lets an authenticated user with permission to create a namespaced Policy cause Kyverno’s admission controller to perform Kubernetes API requests using Kyve...
CVE-2017-18433
cPanel before 64.0.21 allows code execution by webmail and demo accounts via a storefilter API call SEC-236...
CVE-2025-67793
An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...
Demystifying Feature Engineering in Malware Analysis of API Call Sequences
Machine learning ML has been widely used to analyze API call sequences in malware analysis, which typically requires the expertise of domain specialists to extract relevant features from raw data. The extracted features play a critical role in malware analysis. Traditional feature extraction is...
CVE-2025-31649
A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call...
CVE-2025-32089
A buffer overflow vulnerability exists in the CvManagerSBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this...
CVE-2025-36553
A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability...
CVE-2025-31649
A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call...
CVE-2025-31649 Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability
A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call...
CVE-2025-31649 Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability
A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call...
EUVD-2025-197899
A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIOUSHADDRECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue a...
CVE-2025-32089 Dell ControlVault3 CvManager_SBI buffer overflow vulnerability
A buffer overflow vulnerability exists in the CvManagerSBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this...
CVE-2025-36553
Dell ControlVault3 CvManager buffer overflow (CVE-2025-36553) affects ControlVault3 prior to 5.15.14.19 and ControlVault3 Plus prior to 6.2.36.47. A crafted ControlVault API call can lead to memory corruption via a CvManager/command handling path: an attacker-controlled transportLen value passes ...
CVE-2025-36553 Dell ControlVault3 CvManager buffer overflow vulnerability
A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability...
CVE-2025-62647
The Restaurant Brands International RBI assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...