CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

EUVD-2026-21900

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

CVE-2026-4810 Remote Code Execution in Google Agent Development Kit (ADK)

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

EUVD-2022-5867

Malicious code in bioql PyPI...

EUVD-2022-5660

Malicious code in bioql PyPI...

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine GKE that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many ...

GSD-2022-1002525 IP address filtering in Google Cloud Platform (GCP) version All versions as of 2022-06-07 and later (unfixed as of yet)

In Google Cloud Platform GCP, all versions as of 2022-06-07 and later unfixed as of yet an IP address filtering vulnerability exists in the Kubernetes control plane that can be attacked via other systems within Google Cloud Engine's network filtering is only applied to external IP addresses...

RCE vulnerability in Google Kubernetes Engine Plugin

Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution vulnerability exploitable by users able to provide YAML input files to Google Kubernetes Engine Plugin’s build step. Google...

Missing permission checks in Google Kubernetes Engine Jenkins Plugin

A missing permission check in Jenkins Google Kubernetes Engine Plugin Prior to version 0.7.1 allows attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. This issue is patched in version 0.7.1...

GHSA-WWR4-79JV-297R Missing permission checks in Google Kubernetes Engine Jenkins Plugin

A missing permission check in Jenkins Google Kubernetes Engine Plugin Prior to version 0.7.1 allows attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. This issue is patched in version 0.7.1...

Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file named .kube…config containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. This temporary file is now created outside the regular project workspac...

GHSA-XW4C-9434-3F7P Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file named .kube…config containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. This temporary file is now created outside the regular project workspac...

Remote code execution

Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

CVE-2020-2121

Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

PT-2020-15328 · Jenkins · Jenkins Google Kubernetes Engine Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google Kubernetes Engine Plugin versions 0.8.0 and earlier Description: The issue is related to the configuration of the YAML parser in the Jenkins Google Kubernetes Engine Plugin, which does not prevent the instantiation of arbitrary...

CloudBees Jenkins Google Kubernetes Engine Plugin Permission Check Missing Vulnerability

CloudBees Jenkins is a set of Java-based development of continuous integration tools . CloudBees Jenkins Google Kubernetes Engine Plugin suffers from a security vulnerability that allows remote attackers to exploit the vulnerability by submitting a special request that can be used to obtain...

CVE-2019-10445

A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID...

CVE-2019-10445

A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID...

CVE-2019-10445

A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID...