Lucene search
6 matches found

Vulnrichment
added 2026/04/21 6:22 p.m. · 5 views

CVE-2026-40868 kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header...

CVSS 8.1 · AI score 5.7 · EPSS 0.00289
Exploits 1 · References 1
CNNVD
added 2026/04/21 12:00 a.m. · 10 views

Kyverno security vulnerability

Kyverno is an open-source policy engine for Kubernetes developed by the Kyverno project. Versions of Kyverno prior to 1.16.4 contain a security vulnerability. The vulnerability stems from the apiCall servicecall helper implicitly injecting an authorization token, which could lead to the...

CVSS 8.1 · AI score 5.8 · EPSS 0.00289
Exploits 1 · References 2
CNNVD
added 2025/03/27 12:00 a.m. · 3 views

tar-fs security vulnerability

tar-fs is a tar-stream file system bundle. A security vulnerability exists in tar-fs versions prior to 1.16.4, prior to 2.1.2, and prior to 3.0.8, which originates from path traversal when decompressing a malicious tar file...

CVSS 7.5 · AI score 7.5 · EPSS 0.02186
Exploits 2 · References 4
Positive Technologies
added 2022/12/02 12:00 a.m. · 1 view

PT-2022-26513 · Osticket · Osticket

Name of the Vulnerable Software and Affected Versions: osTicket versions prior to 1.16.4 Description: The issue is related to Cross-site Scripting XSS - Reflected, which was found in the GitHub repository osticket/osticket. Recommendations: For versions prior to 1.16.4, update to version 1.16.4 o...

CVSS 8 · AI score 6 · EPSS 0.00673
Exploits 1 · References 6
Positive Technologies
added 2022/03/10 12:00 a.m. · 3 views

PT-2022-13517 · Gitea +1 · Gitea +1

Name of the Vulnerable Software and Affected Versions: gitea versions prior to 1.16.4 Description: The issue concerns missing authorization in the gitea repository. This allows for improper authorization, potentially leading to unauthorized access. A patch is available as part of the 1.16.4...

CVSS 9.8 · AI score 5.6 · EPSS 0.87678
Exploits 11 · References 27
OSV
added 2021/05/27 1:15 p.m. · 4 views

DEBIAN-CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

CVSS 5.9 · AI score 6.7 · EPSS 0.03692
Exploits 0 · References 1