Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

zero2shell-50

ZeroToShell-50 🚀 A highly curated, containerized training g...

CVE-2026-35255

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

Mimecast Incydr 安全漏洞

Mimecast Incydr is a cloud-native internal risk management and data protection platform developed by Mimecast Corporation in the United States. Versions of Mimecast Incydr prior to version 2.6.0 contained security vulnerabilities that could lead to arbitrary file access...

waf-engine

WAF & SOAR Engine A cloud-native Web Application Firewall and...

Extending EOL/EOS Software Intelligence Across Containers, Kubernetes, and Modern Workloads

Key Takeaways Unsupported software increasingly exists inside container images and Kubernetes workloads, not just traditional infrastructure. Lifecycle risk extends beyond CVEs because unsupported software eventually stops receiving patches and vendor maintenance. Outdated base images and runtime...

CVE-2026-44477

CVE-2026-44477 affects CloudNativePG prior to 1.29.1 and 1.28.3. The metrics exporter opens a PostgreSQL connection as the superuser and demotes to pg_monitor with SET ROLE, but the session_user remains postgres. Any SQL in the scrape session can call RESET ROLE to recover superuser privileges, t...

CloudNativePG 代码问题漏洞

CloudNativePG is an open-source platform developed by CloudNativePG for managing the entire lifecycle of PostgreSQL databases on Kubernetes. Versions of CloudNativePG prior to 1.29.1 and 1.28.3 contained code vulnerabilities. These vulnerabilities stemmed from the metric exporter using the pod’s...

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-vuln-demo Intentionally vulnerable demo image for Sys...

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

In this article 1. Background 2. What is an exploitable misconfiguration? 3. Exploitable misconfigurations in popular AI applications 4. Minimizing the risk: Practical deployment guidance 5. How Microsoft Defender for Cloud helps detect exposures in Kubernetes 6. Learn more AI and agentic...

Privilege Dropping / Lowering Errors

Overview Affected versions of this package are vulnerable to Privilege Dropping / Lowering Errors in the metrics exporter. An attacker can gain PostgreSQL superuser privileges and execute arbitrary OS commands as the postgres user inside the primary pod by exploiting the ability to plant shadow...

CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

Impact The CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pgmonitor. SET ROLE changes only currentuser; sessionuser remains postgres. That residual superuser identity is the foothold fo...

EUVD-2026-27550

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

CVE-2026-35255

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

CVE-2026-35255

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

Oracle Cloud Native Environment Command Line Interface 代码注入漏洞

Oracle Cloud Native Environment Command Line Interface is a command-line tool for managing cloud-native environment clusters provided by Oracle Corporation. Version 2.3.2 of Oracle Cloud Native Environment Command Line Interface contains a code injection vulnerability. This vulnerability could...

PT-2026-37373

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

PT-2026-37356

Name of the Vulnerable Software and Affected Versions Argo CD versions 3.2.0 through 3.2.10 Argo CD versions 3.3.0 through 3.3.8 Description A missing authorization and data-masking gap exists in the '/application.ApplicationService/ServerSideDiff' endpoint. This allows an attacker with read-only...

EUVD-2026-25392

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

PT-2026-34846

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...