11 matches found
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: dkron, flux, flux-image-reflector-controller, ingress-nginx-controller, external-secrets-operator, volume-modifier-for-k8s, flux-operator, kubewatch, fluxcd-kustomize-mutating-webhook, omnibump, gh, nodetaint, dataplaneapi, newrelic-infra-operator,...
EUVD-2026-17133
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator are affected by an SSRF vulnerability via the chartURL field of ResourceComposition resources. The field is only URL-encoded, with no validation of the target address. More critically, kubeconfiggenerator concatenates the chartURL di...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...
KubePlus security vulnerability
KubePlus is a Kubernetes multi-tenant application management platform developed by cloud-ark. KubePlus 4.1.4 contains security vulnerabilities, which stem from server-side request forgery and command injection during the processing of the chartURL field by the mutating webhook and...
CVE-2025-47907 vulnerabilities
Vulnerabilities for packages: flux, crossplane-provider-azure-authorization, gitea, secrets-store-csi-driver-provider-azure, timescaledb-parallel-copy, volume-modifier-for-k8s, db-operator, extism, kind, dask-gateway, docker-machine-driver-harvester, nri-nagios, cosign, cert-manager-istio-csr,...
CRI-O vulnerable to an arbitrary systemd property injection
Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...
GHSA-2CGQ-H8XW-2V5J CRI-O vulnerable to an arbitrary systemd property injection
Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...
Information Disclosure
github.com/kubernetes/kubernetes is vulnerable to information disclosure and malicious redirection. If --profiling is enabled on the kube-apiserver, an attacker with control over a validating or mutating webhook is able to access the kube-apiserver process logs and is able to redirect...
DEBIAN-CVE-2020-8561
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...
UBUNTU-CVE-2020-8561
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...