CVE-2026-10280 horizon921 mcpilot MCP API Call Endpoint route.ts server-side request forgery

A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBaseUrl results in server-side request forgery. The attack c...

IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution

IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations...

CVE-2026-37525

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...

SeqShield: A Behavioral Analysis Approach to Uncover Rootkits

Rootkits are among the most elusive types of malware, capable of bypassing traditional static analysis methods due to their metamorphic behavior. Signature-based detection techniques struggle against these threats, necessitating a shift toward dynamic analysis approaches. We propose SeqShield, a...

PT-2026-34843

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

BIT-KYVERNO-2026-40868 kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header...

CVE-2026-40868

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header...

CVE-2026-40868

Kyverno pre-1.16.4 apiCall serviceCall implicitly injects the Authorization: Bearer token from the kyverno serviceaccount when a policy omits an Authorization header. Since context.apiCall.service.url is policy-controlled, this can leak the serviceaccount token to attacker-controlled endpoints (c...

CVE-2026-6580

The CVE describes a vulnerability in liangliangyy DjangoBlog (up to 2.1.0.0) affecting an unknown function in owntracks/views.py within the Amap API Call Handler. The issue arises from manipulation of the argument key that causes the use of a hard-coded cryptographic key. It can be exploited remo...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the apiCall executor. An attacker can obtain sensitive credentials by sending crafted HTTP requests to endpoints controlled by the attacker, causing the automatic forwarding of the ServiceAccount...

Kyverno apiCall automatically forwards ServiceAccount token to external endpoints (credential leak)

Summary Kyverno's apiCall service mode automatically attaches the admission controller's ServiceAccount SA token to outbound HTTP requests. This results in unintended credential exposure when requests are sent to external or attacker-controlled endpoints. The behavior is insecure-by-default and n...

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...

GHSA-Q93Q-V844-JRQP kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token

kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. because context.apiCall.service.url is policy-controlled, this can send the kyverno serviceaccount tok...

kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token

kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. because context.apiCall.service.url is policy-controlled, this can send the kyverno serviceaccount tok...

GHSA-FMQP-4WFC-W3V7 Kyverno APICall SSRF Vulnerability Leading to Multi-Tenant Isolation Breach

Summary Kyverno's APICall feature contains a Server-Side Request Forgery SSRF vulnerability that allows users with Policy creation permissions to access arbitrary internal resources through Kyverno's high-privilege ServiceAccount. In multi-tenant Kubernetes environments, this constitutes a classi...

PT-2026-30230

Name of the Vulnerable Software and Affected Versions versions affected versions not specified Description An authenticated user can access other user profiles by manipulating the id number within an API call. This occurs through a specific API endpoint. Recommendations At the moment, there is no...

CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...

CVE-2026-22039

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...

Kyverno Cross-Namespace Privilege Escalation via Policy apiCall

Summary A critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via apiCall. An attacker can gain unauthorized access to sensitive resources and escalate privileges via malicious urlPath values that cause the system to perform Kubernetes API requests outside the...