Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

97 matches found

RedhatCVE
RedhatCVEadded 2 days ago4 views

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

9.1CVSS5.4AI score0.0001EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2 days ago3 views

CVE-2026-6389

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS5.5AI score0.00013EPSS
Exploits0References1
CVE
CVEadded 2 days ago10 views

CVE-2025-5088

CVE-2025-5088 affects Arista CloudVision Exchange (CVX) via an authenticated Redis session that could grant full root access to all CVX servers. Exploitation requires network access to the Redis service and the Redis password, and Redis traffic is plaintext (TLS support tracked separately). The i...

8.7CVSS5.5AI score0.00024EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 4 days ago9 views

PT-2026-46096

Summary The environment variables KERNEL XXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...

10CVSS6.4AI score
Exploits0References3
CVE
CVEadded 2026/05/26 1:14 p.m.21 views

CVE-2026-7374

CVE-2026-7374 describes a vulnerability in KubeVirt’s virt-handler where improper symlink validation during VM console socket connections allows an authenticated OpenShift user with namespace-level edit permissions to hijack virt-handler’s privileged connection. By substituting the console socket...

9.9CVSS5.8AI score0.00121EPSS
Exploits0References12
NVD
NVDadded 2026/04/30 10:16 p.m.2 views

CVE-2026-6389

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS0.00013EPSS
Exploits0References1
CVE
CVEadded 2026/04/30 9:17 p.m.3 views

CVE-2026-6389

IBM Turbonomic Prometurbo agent (application resource management) versions 8.16.0–8.17.6 expose cluster‑wide permissions, including unrestricted read access to all secrets. This enables an attacker with operator/service account access to exfiltrate credentials, escalate privileges, and potentiall...

8.8CVSS5.3AI score0.00013EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/30 9:17 p.m.2 views

CVE-2026-6389

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS5.3AI score0.00013EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/04/30 9:17 p.m.2 views

EUVD-2026-26446

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS5.3AI score0.00013EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/30 9:17 p.m.3 views

CVE-2026-6389 IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS5.8AI score0.00013EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/30 9:17 p.m.30 views

CVE-2026-6389 IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS0.00013EPSS
Exploits0References1
SUSE CVE
SUSE CVEadded 2026/04/28 1:35 a.m.2 views

SUSE CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

9.1CVSS5.3AI score0.0001EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/04/24 3:21 a.m.24 views

CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS0.0001EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/04/24 3:21 a.m.2 views

CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS5.2AI score0.0001EPSS
Exploits1References4
EUVD
EUVDadded 2026/04/24 3:21 a.m.2 views

EUVD-2026-25389

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS5.7AI score0.0001EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/04/24 3:21 a.m.3 views

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS5.7AI score0.0001EPSS
Exploits1References5Affected Software1
CVE
CVEadded 2026/04/24 3:21 a.m.5 views

CVE-2026-41323

Summary of CVE-2026-41323 : Kyverno’s ClusterPolicy apiCall feature leaks the admission controller’s ServiceAccount token by attaching it to outgoing HTTP requests without validating the target URL. This allows tokens (e.g., for the kyverno-admission-controller) to be exfiltrated to attacker-cont...

9.1CVSS5.7AI score0.0001EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2026/04/16 9:36 p.m.3 views

GHSA-F9G8-6PPC-PQQ4 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Summary Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions ...

8.1CVSS5.8AI score0.0001EPSS
Exploits1References6
NVD
NVDadded 2026/03/10 5:40 p.m.0 views

CVE-2026-30887

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

9.9CVSS0.00073EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/09 10:40 p.m.2 views

CVE-2026-30887

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

9.9CVSS6AI score0.00073EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder