Kyverno policy-reporter-ui has XSS via Stored Property Values in PropertyCard Component

Summary Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flows...

GHSA-47M2-4CR7-MHCW vulnerabilities

Vulnerabilities for packages: k8sgateway, k3s, kubernetes-dns-node-cache, kargo, caddy, traefik, spegel, q, ipfs-cluster, dkron, kyverno-policy-reporter-ui, frp, teleport, kubo...

CVE-2025-59530 vulnerabilities

Vulnerabilities for packages: caddy, rke2-runtime, spegel-fips, caddy-fips, kargo, kubernetes-dns-node-cache, kyverno-policy-reporter-ui, kubo-fips, k3s, kubo, eks-distro-fips, ipfs-cluster, traefik, dkron-fips, q, k8sgateway, teleport, ipfs-cluster-fips, syncthing, coredns,...