40 matches found
Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)
Impact: An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw with authorization logic allows privilege escalation through cluster role template binding (CRTB) and project role template binding (PRTB). This issue does not affect the local cluster, it affects onl...
EUVD-2004-0318
Malware in sbrugna...
EUVD-2025-10231
Malicious code in bioql PyPI...
EUVD-2025-10234
Malicious code in bioql PyPI...
EUVD-2023-1854
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-42343
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or...
CVE-2023-22647
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this...
CVE-2025-25002
Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network...
CVE-2025-26628
Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and gain access to sensitive data. The vulnerability with reference CVE-2025-27489 allows the malicious party, by loading a non-Microsoft DLL...
CVE-2025-26628 Azure Local Cluster Information Disclosure Vulnerability
...
CVE-2025-26628
Technical details about CVE-2025-26628 are not publicly provided in the connected documents; no specific affected product versions, root cause, or fixes are disclosed here. Monitor for updates.
CVE-2025-25002
CVE-2025-25002 affects Azure Local Cluster and involves insertion of sensitive information into log files, enabling an authorized attacker to disclose data over an adjacent network. The connected documents confirm the Azure Local Cluster as the vulnerable component and describe the impact as data...
CVE-2025-25002 Azure Local Cluster Information Disclosure Vulnerability
...
Azure Local Cluster Information Disclosure Vulnerability
Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network...
Azure Local Cluster Information Disclosure Vulnerability
Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally...