
60 matches found

OSV
added 2026/06/05 3:26 p.m. | 5 views

GHSA-WV8C-6MX2-XF4J Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService

Summary: Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an authenticated Omni user with Reader...

CVSS 7.6 | AI score 5.6 | EPSS 0.00017
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/05 12:0 a.m. | 11 views

PT-2026-46989

Summary: Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an authenticated Omni user with Reader...

CVSS 7.6 | AI score 5.6 | EPSS 0.00017
Exploits: 0 | References: 5
Vulnrichment
added 2026/04/30 9:17 p.m. | 5 views

CVE-2026-6389 IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

CVSS 8.8 | AI score 5.8 | EPSS 0.00106
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/09 12:0 a.m. | 4 views

PT-2026-24119

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to 1.13.7 and 1.14.3. Description: A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be exploited to inject configuration into nginx. This can result...

CVSS 9 | AI score 6.2 | EPSS 0.06669
Exploits: 1 | References: 28
OSV
added 2026/02/21 10:13 a.m. | 5 views

CVE-2026-27574 OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE

OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a security mechanism) to execute user-supplied code, allowing trivial sandbox escape via a well-known...

CVSS 9.9 | AI score 5.7 | EPSS 0.00504
Exploits: 2 | References: 4
RedhatCVE
added 2026/02/05 7:23 p.m. | 6 views

CVE-2026-22549

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.9 | AI score 5.4 | EPSS 0.00308
Exploits: 0 | References: 1
OSV
added 2026/02/04 4:16 p.m. | 2 views

CVE-2026-22549

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 4.9 | AI score 5.8
Exploits: 0 | References: 1
NVD
added 2026/02/04 4:16 p.m. | 3 views

CVE-2026-22549

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.9 | EPSS 0.00308
Exploits: 0 | References: 1
CVE
added 2026/02/04 3:15 p.m. | 11 views

CVE-2026-22549

The CVE-2026-22549 issue affects BIG-IP Container Ingress Services for Kubernetes and OpenShift. Affects CIS components (Kubernetes/OpenShift deployment) with CIS versions 2.0.0–2.20.1 known to be vulnerable; fix introduced in 2.20.2. Root cause: excessive permissions enabling read access to clus...

CVSS 6.9 | AI score 5.4 | EPSS 0.00308
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/02/04 3:15 p.m. | 25 views

CVE-2026-22549 BIG-IP Container Ingress Services vulnerability

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.9 | EPSS 0.00308
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/04 3:15 p.m. | 3 views

CVE-2026-22549 BIG-IP Container Ingress Services vulnerability

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.9 | AI score 5.4 | EPSS 0.00308
Exploits: 0 | References: 1
EUVD
added 2026/02/04 3:15 p.m. | 2 views

EUVD-2026-5508

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.9 | AI score 5.4 | EPSS 0.00308
Exploits: 0 | References: 1
F5 Networks
added 2026/02/04 2:22 p.m. | 9 views

K000157960: BIG-IP Container Ingress Services vulnerability CVE-2026-22549

Security Advisory Description: A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. (CVE-2026-22549) Impact: A remote, authenticated attacker with high privilege access to BIG-IP Container Ingress Services may be able to read...

CVSS 6.9 | AI score 5.4 | EPSS 0.00308
Exploits: 0 | Affected Software: 2
Positive Technologies
added 2026/02/04 12:0 a.m. | 3 views

PT-2026-6107

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Container Ingress Services (affected versions not specified). Description: A flaw exists in F5 BIG-IP Container Ingress Services that could permit excessive permissions, potentially allowing unauthorized access to read cluster secrets...

CVSS 6.9 | AI score 5.4 | EPSS 0.00308
Exploits: 0 | References: 5
Positive Technologies
added 2026/02/04 12:0 a.m. | 4 views

PT-2026-6404

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

CVSS 8.8 | AI score 6.3 | EPSS 0.00485
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-2497

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 9.1 | EPSS 0.00975
Exploits: 1 | References: 10
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-0987

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 8.1 | EPSS 0.00611
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/23 8:36 a.m. | 5 views

CVE-2024-32359

An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster...

CVSS 6.9 | AI score 7.8 | EPSS 0.00228
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:46 a.m. | 2 views

CVE-2023-30617

Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entir...

CVSS 6.5 | AI score 7.1 | EPSS 0.00489
Exploits: 0 | References: 1
Tenable Nessus
added 2025/04/04 12:0 a.m. | 14 views

Kubernetes Ingress NGINX Controller Arbitrary Code Execution

Ingress NGINX Controller for Kubernetes versions before 1.11.5, and 1.12.x before 1.12.1 suffer from a critical remote code execution vulnerability. Successful exploitation allows an unauthenticated attacker with access to the pod network to achieve remote code execution (RCE) in the controller's...

CVSS 9.8 | AI score 8.3 | EPSS 0.99348
Exploits: 20 | References: 3