Red Hat OpenShift GitOps 安全漏洞

Red Hat OpenShift GitOps is an automated deployment service provided by the American company Red Hat. Red Hat OpenShift GitOps has a security vulnerability, which stems from insufficient validation. This vulnerability could allow attackers to bypass namespace boundaries, triggering cross-namespac...

Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access

Summary A Server-Side Request Forgery SSRF vulnerability in Kyverno's CEL HTTP library pkg/cel/libs/http/ allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in...

GHSA-RGGM-JJMC-3394 Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access

Summary A Server-Side Request Forgery SSRF vulnerability in Kyverno's CEL HTTP library pkg/cel/libs/http/ allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in...

Arbitrary Argument Injection

Overview mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Arbitrary Argument Injection through the startPortForward function in src/tools/portforward.ts. An attacker can inject additional kubectl flags b...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...

GHSA-4P64-V8F5-R2GX Multiple security fixes in justhtml

Summary justhtml 1.16.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings: - programmatic DOM input to sanitize or sanitizedom -...

SUSE CVE-2026-40224

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...

CVE-2026-40224

A flaw was found in systemd-machined, a component of systemd. A local attacker can exploit a vulnerability related to how varlink interacts with the root namespace. This can lead to local privilege escalation, allowing the attacker to gain elevated access on the system...

CVE-2026-39961

Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...

EUVD-2026-21396

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...

GHSA-99J8-WV67-4C72 Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Impact A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and write...

EUVD-2026-20965

Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource...

Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Impact A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and write...

DEBIAN-CVE-2026-40224

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...

CVE-2026-40224

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...

CVE-2026-40224

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...

UBUNTU-CVE-2026-40224

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the varlink process. An attacker can gain elevated privileges by leveraging access to the root namespace. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Advisor...

CVE-2026-40224

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...