Lucene search
K

102 matches found

CVE
CVE
added 3 days ago18 views

CVE-2026-61459

Affected software: MCP Server Kubernetes before 3.9.0. Vulnerability: Argument injection in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that bypasses the assertNoDangerousFlags check by using leading dashes for resourceType/name. This allows injection of the --server flag to ...

9.8CVSS6.1AI score0.00421EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57272

Name of the Vulnerable Software and Affected Versions MCP Server Kubernetes versions prior to 3.9.0 Description An argument injection flaw exists in structured tools, specifically within the kubectl get, kubectl describe, and kubectl delete functions. By providing the resourceType and name...

9.8CVSS6.1AI score0.00421EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/10 5:29 p.m.41 views

CVE-2026-50566 Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability...

9.9CVSS0.0029EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 5:29 p.m.27 views

CVE-2026-50566

Fission prior to v1.24.0 is affected: a tenant with environments.fission.io create/update RBAC could run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor’s high-privilege service account. This enable...

9.9CVSS5.4AI score0.0029EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

9.1CVSS5.4AI score0.0056EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6389

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS5.5AI score0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 3:58 p.m.18 views

CVE-2025-5088

CVE-2025-5088 affects Arista CloudVision Exchange (CVX) via an authenticated Redis session that could grant full root access to all CVX servers. Exploitation requires network access to the Redis service and the Redis password, and Redis traffic is plaintext (TLS support tracked separately). The i...

8.7CVSS5.5AI score0.00323EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-46096

Summary The environment variables KERNEL XXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...

10CVSS6.4AI score
Exploits0References3
CVE
CVE
added 2026/05/26 1:14 p.m.42 views

CVE-2026-7374

CVE-2026-7374 describes a vulnerability in KubeVirt’s virt-handler where improper symlink validation during VM console socket connections allows an authenticated OpenShift user with namespace-level edit permissions to hijack virt-handler’s privileged connection. By substituting the console socket...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References13
NVD
NVD
added 2026/04/30 10:16 p.m.6 views

CVE-2026-6389

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 9:17 p.m.11 views

CVE-2026-6389

IBM Turbonomic Prometurbo agent (application resource management) versions 8.16.0–8.17.6 expose cluster‑wide permissions, including unrestricted read access to all secrets. This enables an attacker with operator/service account access to exfiltrate credentials, escalate privileges, and potentiall...

8.8CVSS5.3AI score0.00106EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/30 9:17 p.m.6 views

EUVD-2026-26446

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS5.3AI score0.00106EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 9:17 p.m.6 views

CVE-2026-6389 IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS5.8AI score0.00106EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 9:17 p.m.4 views

CVE-2026-6389

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS5.3AI score0.00106EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/30 9:17 p.m.38 views

CVE-2026-6389 IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS0.00106EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/28 1:35 a.m.6 views

SUSE CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

9.1CVSS5.3AI score0.0056EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/24 3:21 a.m.4 views

CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS5.2AI score0.0056EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:21 a.m.7 views

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS5.7AI score0.0056EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/04/24 3:21 a.m.6 views

EUVD-2026-25389

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS5.7AI score0.0056EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/24 3:21 a.m.30 views

CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS0.0056EPSS
Exploits1References4
Rows per page
Query Builder