9 matches found

CNNVD
added 2026/04/24 12:0 a.m., 4 views

Kyverno Information Disclosure Vulnerability

Kyverno is an open-source policy engine designed for Kubernetes. Kyverno has an information disclosure vulnerability that stems from the apiCall function automatically attaching ServiceAccount tokens, potentially leading to compromise of the entire cluster. The following versions ar...

CVSS 9.1, AI score 5.8, EPSS 0.0001
Exploits 1, References 1
EUVD
added 2026/04/07 3:30 p.m., 0 views

EUVD-2026-19690

A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

CVSS 8.2, AI score 5.8, EPSS 0.00012
Exploits 1, References 4
RedhatCVE
added 2026/04/07 2:13 p.m., 1 views

CVE-2026-4740

A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

CVSS 8.2, AI score 5.8, EPSS 0.00012
Exploits 1, References 4
Vulnrichment
added 2025/11/13 7:42 p.m., 4 views

CVE-2025-64709 Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVSS 9.6, AI score 6.4, EPSS 0.00042
Exploits 1, References 1
CNNVD
added 2025/09/15 12:0 a.m., 1 views

Chaos Mesh Access Control Error Vulnerability

Chaos Mesh is an open source cloud-native engineering platform from Chaos Mesh Open Source. Chaos Mesh suffers from an Access Control Error vulnerability that stems from an unauthenticated GraphQL debugging server being exposed to the entire Kubernetes cluster, potentially resulting in a...

CVSS 7.5, AI score 6.7, EPSS 0.00501
Exploits 1, References 2
Positive Technologies
added 2025/09/15 12:0 a.m., 6 views

PT-2025-37473

Name of the Vulnerable Software and Affected Versions: Chaos Mesh versions prior to 2.7.3

Description: The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster. This server provides an API that allows attackers to kill...

CVSS 9.9, AI score 7.4, EPSS 0.50933
Exploits 20, References 66
Veracode
added 2025/09/04 1:14 p.m., 1 views

Access Control Bypass

github.com/external-secrets/external-secrets is vulnerable to Access Control Bypass. The vulnerability is due to a missing namespace selector in List calls for Secret and SecretStore resources, allowing attackers to exfiltrate secrets across the cluster...

CVSS 7.1, AI score 6.6, EPSS 0.00108
Exploits 0, References 5, Affected Software 1
Cvelist
added 2025/06/10 11:8 p.m., 27 views

CVE-2025-26521 Apache CloudStack: CKS cluster in project exposes user API keys

When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...

EPSS 0.00247
Exploits 0, References 3
CNNVD
added 2023/04/14 12:0 a.m., 3 views

OpenFeature Operator Security Vulnerability

OpenFeature Operator is OpenFeature's tool for exposing feature flags to applications. A security vulnerability exists in OpenFeature Operator versions prior to 0.2.32, which stems from an overly permissive privilege configured on open-feature-operator-controller-manager that can be used to escalate the...

CVSS 8.8, AI score 7.9, EPSS 0.00722
Exploits 0, References 3