Lucene search

8 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-0936

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.00385 EPSS
Exploits 1 | References 5
RedhatCVE
added 2025/02/05 11:17 p.m. | 4 views

CVE-2022-23652

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8 CVSS | 7 AI score | 0.00385 EPSS
Exploits 1 | References 1
OSV
added 2024/12/11 6:42 p.m. | 4 views

GHSA-C7XH-GJV4-4JGV kcp's impersonation allows access to global administrative groups

Impact Impersonation is a feature of the Kubernetes API, allowing to override user information. As downstream project, kcp inherits this feature. As per the linked documentation a specific level of privilege usually assigned to cluster admins is required for impersonation. The vulnerability in kc...

6.4 CVSS | 7 AI score
Exploits 0 | References 5
Github Security Blog
added 2024/12/11 6:42 p.m. | 15 views

kcp's impersonation allows access to global administrative groups

Impact Impersonation is a feature of the Kubernetes API, allowing to override user information. As downstream project, kcp inherits this feature. As per the linked documentation a specific level of privilege usually assigned to cluster admins is required for impersonation. The vulnerability in kc...

7 AI score
Exploits 0 | References 5 | Affected Software 1
The Hacker News
added 2024/01/24 2:25 p.m. | 38 views

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine GKE that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many ...

7.2 AI score
Exploits 0
Vulnrichment
added 2022/02/22 7:55 p.m. | 4 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8 CVSS | 8.9 AI score | 0.00385 EPSS
Exploits 1 | References 3
Cvelist
added 2022/02/22 7:55 p.m. | 10 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8 CVSS | 9.1 AI score | 0.00385 EPSS
Exploits 1 | References 3
CNNVD
added 2022/02/22 12:0 a.m. | 1 views

capsule-proxy authorization issue vulnerability

The capsule-proxy is designed to allow overcoming the limitations of the Kubernetes API Server in listing the cluster-wide resources it owns, such as Namespace, Ingress and Storage Classes, Nodes, and other resources covered by the Capsule. A security vulnerability in capsule-proxy versions prior...

8.8 CVSS | 7.8 AI score | 0.00385 EPSS
Exploits 1 | References 5