CVE-2025-64432

KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

AZL-69890 CVE-2025-64432 affecting package kubevirt for versions less than 0.59.0-33

KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...

CVE-2025-64432

CVE-2025-64432 affects KubeVirt, specifically the virt-api component, where the mTLS authentication flow fails to validate the CN field in client certificates against the extension-apiserver-authentication config, enabling potential RBAC bypass by communicating directly with the aggregated API se...

CVE-2025-62402

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

Apache Airflow `/api/v2/dagReports` executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

CVE-2025-62402

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

CVE-2025-62402

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

PT-2025-44368

Name of the Vulnerable Software and Affected Versions API users affected versions not specified Description The API allows code execution within the context of the api-server through the /api/v2/dagReports endpoint. This occurs when the api-server is deployed in an environment where Dag files are...

CVE-2025-59203 Windows State Repository API Server File Information Disclosure Vulnerability

...

CVE-2025-59203

CVE-2025-59203 affects the Windows StateRepository API. The issue is described as an insertion of sensitive information into a log file, enabling local disclosure by an authenticated attacker with local access. The CVSS v3.1 base score is 5.5 (Medium) with Local attack vector and Low attack compl...

EUVD-2019-13726

Malware in sbrugna...

EUVD-2016-6341

Malware in sbrugna...

EUVD-2017-5990

Malware in sbrugna...

EUVD-2018-2081

Malware in sbrugna...

EUVD-2020-3170

Malware in sbrugna...

EUVD-2021-2580

Malware in sbrugna...

EUVD-2021-2608

Malware in sbrugna...

EUVD-2022-27019

Malicious code in bioql PyPI...