CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...
CVE-2026-41323
Summary of CVE-2026-41323: Kyverno’s ClusterPolicy apiCall feature leaks the admission controller’s ServiceAccount token by attaching it to outgoing HTTP requests without validating the target URL. This allows tokens (e.g., for the kyverno-admission-controller) to be exfiltrated to attacker-cont...
GHSA-F9G8-6PPC-PQQ4 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
Summary: Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions ...
EUVD-2026-22943
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...
CVE-2026-30624
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...
This Week in Spring - February 10th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 10th, 2026, as I write this from lovely London, UK. I spoke at the local Java User Group here last night, had a wonderful time. Tomorrow, I'm going home. It's been fun, but it's time to conclude this roller...
CVE-2021-28910
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unauthenticated attackers to send requests to any internal and external server...
TencentOS Server 4: netavark (TSSA-2025:0782)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0782 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2025-22934
Malicious code in bioql PyPI...
The Cybersecurity of a Humanoid Robot
The rapid advancement of humanoid robotics presents unprecedented cybersecurity challenges that existing theoretical frameworks fail to adequately address. This report presents a comprehensive security assessment of a production humanoid robot platform, bridging the gap between abstract security...
PT-2025-36901
Name of the Vulnerable Software and Affected Versions: Lexmark devices (affected versions not specified). Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the embedded web server of Lexmark devices. An attacker can exploit this issue to make the device send an arbitrary HTTP...
SUSE CVE-2025-8283
A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...
GHSA-RPCF-RMH6-42XR Netavark Has Possible DNS Resolve Confusion
A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...
Netavark Has Possible DNS Resolve Confusion
A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...
CVE-2025-8283
A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...
PT-2025-31142
Name of the Vulnerable Software and Affected Versions: netavark (affected versions not specified). Description: A vulnerability exists in the netavark package, a network stack for containers used with Podman. Due to the removal of the dns.podman search domain, netavark may return external servers if a...
CVE-2021-39362
An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode is inserted into the DOM as HTML, resulting in full control over the user's browser by these servers...