EUVD-2025-205855
When system.enableCrossNamespaceCommands is enabled (on by default), the Temporal server permits certain workflow task commands (e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution) to target a different namespace than the namespace authorized at...
CVE-2023-54276
In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net. Commit f5f9d4a314da ("nfsd: move reply cache initialization into nfsd startup") moved the initialization of the reply cache into nfsd startup, but didn't accoun...
CVE-2025-53710
Due to a product misconfiguration in certain deployment types, it was possible for different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed...
CVE-2025-53710 Network boundaries not respected in certain Foundry namespaces.
Due to a product misconfiguration in certain deployment types, it was possible for different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414503)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414503 advisory. A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the...
EUVD-2022-15629
Malicious code in bioql PyPI...
EUVD-2025-0134
Malicious code in bioql PyPI...
SUSE SLES15 Security Update : kernel (Live Patch 9 for SLE 15 SP6) (SUSE-SU-2025:03235-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03235-1 advisory. This update for the Linux Kernel 6.4.0-1506002342 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched:...
Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506002330 fixes several issues. The following security issues were fixed: CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). CVE-2025-21999: proc: fix UAF in proc_get_inode (bsc#1242579). CVE-2025-38001: net_sched: hfsc: Address...
Security update for kernel-livepatch-MICRO-6-0_Update_5
This update for kernel-livepatch-MICRO-6-0_Update_5 fixes the following issues: CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245505). CVE-2025-21999: proc: fix UAF in proc_get_inode (bsc#1242579). CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twi...
Security update for kernel-livepatch-MICRO-6-0_Update_4
This update for kernel-livepatch-MICRO-6-0_Update_4 fixes the following issues: CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245505). CVE-2025-21999: proc: fix UAF in proc_get_inode (bsc#1242579). CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twi...
CVE-2025-55205 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label
Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation...
Linux Distros Unpatched Vulnerability : CVE-2025-37922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: book3s64/radix: Align section vmemmap start address to PAGE_SIZE. A vmemmap altmap is a...
Breaking the Bulkhead: Demystifying Cross-Namespace Reference Vulnerabilities in Kubernetes Operators
Kubernetes Operators, automated tools designed to manage application lifecycles within Kubernetes clusters, extend the functionalities of Kubernetes, and reduce the operational burden on human engineers. While Operators significantly simplify DevOps workflows, they introduce new security risks. I...
Moderate: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
Red Hat OpenShift GitOps v1.16.2 release An update is now available for Red Hat OpenShift GitOps. Security Fixes: openshift-gitops-operator-container: Namespace Isolation Break gitops-1.16 Bug Fixes: Gitops operator is not accepting regular expression in sourceNamespaces - Application in...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security update
Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security update. Errata Advisory for Red Hat OpenShift GitOps v1.14.4 security release. Security Fixes: openshift-gitops-argocd-container: Improper URL Sanitization in Argo CD Repository Page Allows Cross-Site Scripting XSS gitops-1.14...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.15.2 security update
Errata Advisory for Red Hat OpenShift GitOps 1.15.2 release. Security Fixes: openshift-gitops-operator-container: Namespace Isolation Break gitops-1.15 openshift-gitops-argocd-container: Go JOSE's Parsing Vulnerable to Denial of Service...
Privilege Escalation
github.com/rancher/rancher is vulnerable to privilege escalation. The vulnerability stems from improper namespace isolation: the project name is used as the namespace for storing related resources, allowing users to gain access to projects in different clusters...
PT-2025-22184
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the alignment of the section vmemmap start address to PAGE_SIZE. This issue could lead to a kernel crash when the sectio...
SUSE CVE-2025-29781
The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace-scoped Custom Resource BMCEventSubscription. Prior to versions 0.8.1 and 0.9.1, an adversary...