18 matches found
CVE-2026-41485
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...
CVE-2026-41485
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...
Security Bulletin: Due to the use of helm, IBM Kubecost Self Hosted is affected by stack overflow and memory exhaustion
Summary: helm is used by IBM Kubecost Self Hosted as part of the cluster-controller component (CVE-2025-32387, CVE-2025-32386). Vulnerability Details: CVEID: CVE-2025-32387. DESCRIPTION: Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply...
EUVD-2024-17612
Malicious code in bioql PyPI...
EUVD-2022-3694
Malicious code in bioql PyPI...
CVE-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
CVE-2024-1889
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device...
CVE-2024-1889
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device...
Cross site request forgery (csrf)
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device...
CVE-2024-1889 Cross-Site Request Forgery vulnerability in SMA Cluster Controller
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device...
CVE-2024-1889
CVE-2024-1889 affects SMA Cluster Controller (version 01.05.01.R). The vulnerability is a Cross-Site Request Forgery (CSRF) that can be triggered when an authenticated user visits a malicious link, allowing actions with the user’s permissions on the affected device. Impact is described as high fo...
CVE-2024-1889 Cross-Site Request Forgery vulnerability in SMA Cluster Controller
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device...
SMA Solar Technology AG Cluster Controller Cross-Site Request Forgery Vulnerability
The SMA Solar Technology AG Cluster Controller is a cluster controller from SMA Solar Technology AG, Germany, used to manage and monitor clusters of multiple solar inverters to optimize energy yield and system performance. A cross-site request forgery vulnerability exists in the SMA Solar...
VMware Aria Operations for Logs Cluster Controller Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Logs. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InternalClusterController class. The issue results from the lack of...
Eucalyptus Unauthorized Access to CC/NC Log Files
The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component...
[SECURITY] Fedora 18 Update: eucalyptus-3.2.2-1.fc18
Eucalyptus is a service overlay that implements elastic computing using existing resources. The goal of Eucalyptus is to allow sites with existing clusters and server infrastructure to co-host an elastic computing service that is interface-compatible with Amazon AWS. This package contains the...
CVE-2013-4766
The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component...
CVE-2013-4766
The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component...