13 matches found
BIT-KYVERNO-2026-23881 Kyverno Denial of Service via Context Variable Amplification in Policy Engine
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially...
GO-2026-4382 Kyverno Denial of Service via Context Variable Amplification in Policy Engine in github.com/kyverno/kyverno
Kyverno Denial of Service via Context Variable Amplification in Policy Engine in github.com/kyverno/kyverno...
Kyverno Denial of Service via Context Variable Amplification in Policy Engine
Summary Unbounded memory consumption in Kyverno's policy engine allows users with policy creation privileges to cause Denial of Serviceby crafting policies that exponentially amplify string data through context variables. Details For example, the random JMESPath function in...
CVE-2026-23881
CVE-2026-23881 affects Kyverno policy engine prior to versions 1.16.3 and 1.15.3, which exhibit unbounded memory consumption that can cause denial of service when policies with context variables are crafted by users with policy-creation privileges. The issue is resolved in 1.16.3 and 1.15.3 by a ...
CVE-2026-23881 Kyverno Denial of Service via Context Variable Amplification in Policy Engine
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially...
CVE-2026-23881 Kyverno Denial of Service via Context Variable Amplification in Policy Engine
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially...
EUVD-2024-2472
Malicious code in bioql PyPI...
CVE-2024-42356
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...
CVE-2024-42356
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...
CVE-2024-42356
CVE-2024-42356 affects Shopware (open commerce platform). The issue arises from the Twig context variable, which can be injected into most Twig templates and, via a scoped Context helper, enables calling statically callable PHP functions from Twig. This can leak language/currency context and, wit...
CVE-2024-42356 Shopware vulnerable to Server Side Template Injection in Twig using Context functions
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...
Branch-names Input Validation Error Vulnerability
branch-names is a tool for retrieving branch or tag names. An input validation error vulnerability exists in branch-names versions prior to 7.0.7, which stems from incorrectly referencing context variables and can be exploited by an attacker to execute arbitrary code...
Denial of service
SystemTap 1.4 and earlier, when unprivileged aka stapusr mode is enabled, allows local users to cause a denial of service divide-by-zero error and OOPS via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access...