23 matches found
CVE-2026-6720
When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...
CVE-2026-41185
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...
CVE-2026-6720
When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...
Malicious code in n8n-nodes-pentest-rce (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a813bc4a209e75b50151451de1c2a3c4a7e916b181b314416eafc43492b4eb5 On npm install, the package's postinstall script runs a shell pipeline that reads the Kubernetes service-account token from...
MAL-2026-4617 Malicious code in n8n-nodes-pentest-rce (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a813bc4a209e75b50151451de1c2a3c4a7e916b181b314416eafc43492b4eb5 On npm install, the package's postinstall script runs a shell pipeline that reads the Kubernetes service-account token from...
SUSE-SU-2026:1558-1 Security update for tomcat11
This update for tomcat11 fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks...
Apache Tomcat 9.0.92 < 9.0.117 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.117. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.117security-9 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin...
MGASA-2026-0095 Updated tomcat packages fix security vulnerabilities
Request smuggling via invalid chunk extension. CVE-2026-24880 Occasionally open redirect. CVE-2026-25854 TLS cipher order is not preserved. CVE-2026-29129 OCSP checks sometimes soft-fail even when soft-fail is disabled. CVE-2026-29145 EncryptInterceptor vulnerable to padding oracle attack by...
SUSE CVE-2026-34487
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...
Linux Distros Unpatched Vulnerability : CVE-2026-34487
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer...
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...
CVE-2026-34487
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...
DEBIAN-CVE-2026-34487
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...
CVE-2026-34487 Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...
CVE-2026-34487
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...
CVE-2026-34487
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...
Improper Certificate Validation
Overview apache-airflow-providers-databricks is a Provider package apache-airflow-providers-databricks for Apache Airflow Affected versions of this package are vulnerable to Improper Certificate Validation due to the lack of certificate validation in the K8s Token Exchange. An attacker can...
CVE-2026-32794 Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o...
CVE-2020-13264
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token...
The vulnerability of the component “koko” in the security audit system for the operation and maintenance of JumpServer, which allows a perpetrator to obtain a cluster token from Kubernetes.
The vulnerability of the koko component in the system for auditing security operations and maintenance of JumpServer is related to improper privilege assignment. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain a Kubernetes cluster token...