Important: Red Hat Security Advisory: Red Hat Migration Toolkit for Containers
A new version of Migration Toolkit for Containers (MTC) is now available. The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the kubeClientMiddleware process. An attacker can gain unauthorized access to Kubernetes resources by sending requests with a valid session but insufficient permissions, which are incorrectly forwarded to the...
PT-2026-32006
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift AI odh-dashboard (affected versions not specified). Description: A flaw exists in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) that allows for the disclosure of Kubernetes Service Account tokens through a NodeJS...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated host-callback APIs kubernetes/ingresses, kubernetes/namespaces, and kubernetes/services. An attacker can gain unauthorized read access to Ingresses, Namespaces, and Services resources across al...
SUSE CVE-2026-26056
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...
CVE-2026-26056
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...
yoke code injection vulnerability
Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...
EUVD-2023-0613
Malicious code in bioql PyPI...
EUVD-2022-7511
Malicious code in bioql PyPI...
EUVD-2022-6504
Malicious code in bioql PyPI...
EUVD-2023-1884
Malicious code in bioql PyPI...
EUVD-2024-0727
Malicious code in bioql PyPI...
EUVD-2024-0955
Malicious code in bioql PyPI...
EUVD-2025-7996
Malicious code in bioql PyPI...
EUVD-2022-7524
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.7 security and bug fix update
The Migration Toolkit for Containers (MTC) 1.8.7 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Cross-Site Scripting (XSS)
github.com/argoproj/argo-cd is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper URL protocol filtering on the repository page, allowing attackers to perform actions such as creating, modifying, and deleting Kubernetes resources via the API...