Lucene search
K

47 matches found

SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.4 views

SUSE CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS6AI score0.0041EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.3 views

SUSE CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS6.1AI score0.004EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/14 1:26 a.m.4 views

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS6.1AI score0.004EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/14 1:26 a.m.4 views

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
NVD
NVD
added 2026/02/12 10:16 p.m.6 views

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS0.0041EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/02/12 10:6 p.m.9 views

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller...

8.8CVSS6.9AI score0.004EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:6 p.m.5 views

Unauthenticated Admission Webhook Endpoints in Yoke ATC

Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS6.4AI score0.0041EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/12 9:11 p.m.28 views

CVE-2026-26056 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS0.004EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 9:11 p.m.4 views

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS6.1AI score0.004EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/02/12 9:11 p.m.14 views

CVE-2026-26056

CVE-2026-26056 affects Yoke ATC in 0.19.0 and earlier. A vulnerability in the ATC controller allows users with create/update permissions to inject a malicious URL via the overrides.yoke.cd/flight annotation, causing the ATC controller to download and execute an arbitrary WASM module without prope...

8.8CVSS6.1AI score0.004EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/12 9:7 p.m.3 views

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/12 9:7 p.m.24 views

CVE-2026-26055 Unauthenticated Admission Webhook Endpoints in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS0.0041EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.9 views

yoke 代码注入漏洞

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...

8.8CVSS6.2AI score0.004EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.6 views

yoke 访问控制错误漏洞

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained an access control vulnerability. This vulnerability stemmed from the lack of proper authentication mechanisms in the Webhook endpoints of the Air Traffic Controller component, allowing any...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.15 views

PT-2026-7905

Name of the Vulnerable Software and Affected Versions Yoke versions 0.18.x and earlier Description The Air Traffic Controller ATC component of Yoke lacks proper authentication mechanisms for its webhook endpoints. This allows any pod within the cluster network to send AdmissionReview requests...

9.9CVSS6AI score0.27661EPSS
Exploits45References119
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.16 views

PT-2026-7906

Name of the Vulnerable Software and Affected Versions Yoke versions 0.19.0 and earlier Description Yoke's Air Traffic Controller ATC component contains a flaw that allows users with Custom Resource CR create/update permissions to execute arbitrary WASM code. This is achieved by injecting a...

9.9CVSS6.5AI score0.27661EPSS
Exploits45References118
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.4 views

A Survey of Security Challenges and Solutions for Advanced Air Mobility and EVTOL Aircraft

This survey reviews the existing and envisioned security vulnerabilities and defense mechanisms relevant to Advanced Air Mobility AAM systems, with a focus on electric vertical takeoff and landing eVTOL aircraft. Drawing from vulnerabilities in the avionics in commercial aviation and the automate...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/17 12:0 a.m.4 views

Hybrid IDS Using Signature-Based and Anomaly-Based Detection

Intrusion detection systems IDS are essential for protecting computer systems and networks against a wide range of cyber threats that continue to evolve over time. IDS are commonly categorized into two main types, each with its own strengths and limitations, such as difficulty in detecting...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.4 views

CVE-2025-61956

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...

10CVSS7.1AI score0.0071EPSS
Exploits0References1
OSV
OSV
added 2025/11/04 5:16 p.m.6 views

CVE-2025-61956

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...

9.8CVSS5.8AI score0.0071EPSS
Exploits0References2
Rows per page
Query Builder