
47 matches found

RedHat Linux
added 2026/06/10 9:42 a.m., 16 views

Important: Red Hat Security Advisory: Red Hat Migration Toolkit for Containers

A new version of Migration Toolkit for Containers (MTC) is now available. The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the...

CVSS 10, AI score 6.9, EPSS 0.01815
Exploits: 12, References: 10

Snyk
added 2026/05/14 4:24 p.m., 7 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the kubeClientMiddleware process. An attacker can gain unauthorized access to Kubernetes resources by sending requests with a valid session but insufficient permissions, which are incorrectly forwarded to the...

CVSS 8.1, AI score 5.8, EPSS 0.00335
Exploits: 1, References: 2

Positive Technologies
added 2026/04/10 12:0 a.m., 7 views

PT-2026-32006

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift AI odh-dashboard, affected versions not specified. Description: A flaw exists in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) that allows for the disclosure of Kubernetes Service Account tokens through a NodeJS...

CVSS 8.5, AI score 5.8, EPSS 0.00492
Exploits: 0, References: 11

Snyk
added 2026/03/09 5:28 p.m., 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated host-callback APIs kubernetes/ingresses, kubernetes/namespaces, and kubernetes/services. An attacker can gain unauthorized read access to Ingresses, Namespaces, and Services resources across al...

CVSS 5.3, AI score 5.9, EPSS 0.00185
Exploits: 0, References: 2

SUSE CVE
added 2026/03/04 12:26 a.m., 2 views

SUSE CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

CVSS 8.8, AI score 6.1, EPSS 0.004
Exploits: 1, References: 3

Snyk
added 2026/02/12 10:6 p.m., 3 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...

CVSS 8.8, AI score 6.2, EPSS 0.004
Exploits: 1, References: 2

Snyk
added 2026/02/12 10:6 p.m., 4 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...

CVSS 8.8, AI score 6.2, EPSS 0.004
Exploits: 1, References: 2

Snyk
added 2026/02/12 10:6 p.m., 3 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...

CVSS 8.8, AI score 6.2, EPSS 0.004
Exploits: 1, References: 2

ATTACKERKB
added 2026/02/12 9:11 p.m., 4 views

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

CVSS 8.8, AI score 6.1, EPSS 0.004
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2026/02/12 12:0 a.m., 7 views

yoke code injection vulnerability

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...

CVSS 8.8, AI score 6.2, EPSS 0.004
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 12 views

EUVD-2023-0613

Malicious code in bioql PyPI...

CVSS 9.1, AI score 8.8, EPSS 0.00671
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-7511

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.9, EPSS 0.00818
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-6504

Malicious code in bioql PyPI...

CVSS 6.5, AI score 7.4, EPSS 0.00843
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-1884

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.00897
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-0727

Malicious code in bioql PyPI...

CVSS 6.4, AI score 6.8, EPSS 0.00567
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-0955

Malicious code in bioql PyPI...

CVSS 9, AI score 9, EPSS 0.00654
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-7996

Malicious code in bioql PyPI...

CVSS 8, AI score 5.4, EPSS 0.00317
Exploits: 1, References: 7

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-7524

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.9, EPSS 0.00818
Exploits: 0, References: 6

RedHat Linux
added 2025/06/04 12:26 p.m., 13 views

Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.7 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.8.7 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 8.7, AI score 6.8, EPSS 0.01009
Exploits: 1, References: 9

Veracode
added 2025/05/29 6:40 p.m., 8 views

Cross-Site Scripting (XSS)

github.com/argoproj/argo-cd is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper URL protocol filtering on the repository page, allowing attackers to perform actions such as creating, modifying, and deleting Kubernetes resources via the API...

CVSS 9, AI score 8.7, EPSS 0.00411
Exploits: 0, References: 6, Affected Software: 1