Lucene search
K

77 matches found

OSV
OSV
added 2026/06/11 12:37 a.m.8 views

CLEANSTART-2026-KV53168 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU

Security vulnerability affects the kyverno-policy-reporter-kyverno-plugin package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

9.8CVSS5.5AI score0.0056EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

9.1CVSS5.4AI score0.0056EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41485

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

7.7CVSS5.5AI score0.00369EPSS
Exploits1References1
Chainguard
Chainguard
added 2026/06/04 7:17 p.m.13 views

CVE-2026-40898 vulnerabilities

Vulnerabilities for packages: kubedock-fips, kyverno-policy-reporter-fips, coredns-fips, teleport-operator-fips, ipfs-cluster-fips, kube-metrics-adapter-fips, k3s, k8sgateway-fips, spegel-fips, kubo, kyverno-policy-reporter, q, eks-distro, syncthing, k8sgateway, traefik-fips, mediamtx-fips,...

7.5CVSS6.1AI score0.00279EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/04 7:17 p.m.8 views

GHSA-VVGJ-X9JQ-8CJ9 vulnerabilities

Vulnerabilities for packages: kubedock-fips, kyverno-policy-reporter-fips, coredns-fips, teleport-operator-fips, ipfs-cluster-fips, kube-metrics-adapter-fips, k3s, k8sgateway-fips, spegel-fips, kubo, kyverno-policy-reporter, q, eks-distro, syncthing, k8sgateway, traefik-fips, mediamtx-fips,...

6.1AI score
Exploits0
OSV
OSV
added 2026/05/18 1:44 p.m.16 views

CLEANSTART-2026-GB46352 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-34986, CVE-2026-39883, ghsa-2464-8j7c-4cjm, ghsa-78h2-9frx-2jm8, ghsa-fw7p-63qq-7hpr, ghsa-hfvc-g4fc-pqhx, ghsa-p77j-4mvh-x3m3, ghsa-xmrv-pmrh-hhx2 applied in versions: 3.3.2-r0, 3.5.0-r0, 3.7.2-r0, 3.7.3-r0, 3.7.3-r1, 3.7.3-r2, 3.7.4-r0

Multiple security vulnerabilities affect the kyverno-policy-reporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01557EPSS
Exploits2References41
Wolfi
Wolfi
added 2026/05/16 1:48 p.m.14 views

GHSA-GXHX-2686-5H9G vulnerabilities

Vulnerabilities for packages: atlantis, argo-events, kubernetes-event-exporter, kubewatch, argo-cd, kyverno-policy-reporter, goreleaser, argo-rollouts, bento...

6.1AI score
Exploits0
CVE
CVE
added 2026/05/12 10:46 p.m.23 views

CVE-2026-44245

CVE-2026-44245 affects Kyverno’s policy-reporter-ui where the PropertyCard.vue component uses Vue.js v-html to render non-URL strings, bypassing escaping and allowing stored HTML payloads from Kubernetes PolicyReport.results[].properties to flow into the DOM. The isURL() guard only filters http/h...

6.1CVSS5.9AI score0.00183EPSS
Exploits1References1Affected Software1
Chainguard
Chainguard
added 2026/05/09 7:17 p.m.8 views

GHSA-PMWQ-PJRM-6P5R vulnerabilities

Vulnerabilities for packages: slsa-verifier, dagger, chainloop-cli, zarf, buildkitd-fips, docker-compose, vexctl, falcoctl-fips, chainctl-fips, cloudbeat-fips, kyverno-policy-reporter-plugins-kyverno, kyverno, trivy, spire-server, docker-cli-buildx-fips, falcoctl, policy-controller-fips,...

6.1AI score
Exploits0
Cvelist
Cvelist
added 2026/04/24 3:27 a.m.31 views

CVE-2026-41485 Kyverno Controller Denial of Service via forEach Mutation Panic

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

7.7CVSS0.00369EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:21 a.m.7 views

CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS5.7AI score0.0056EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/21 7:16 p.m.6 views

CVE-2026-40868

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header...

8.1CVSS0.00289EPSS
Exploits1References1
OSV
OSV
added 2026/04/16 1:2 a.m.13 views

CLEANSTART-2026-WB12909 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerabili...

9.8CVSS7.1AI score0.01557EPSS
Exploits5References70
OSV
OSV
added 2026/04/16 1:1 a.m.16 views

CLEANSTART-2026-UQ68343 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerabili...

9.8CVSS7.1AI score0.01945EPSS
Exploits6References41
OSV
OSV
added 2026/04/16 1:1 a.m.5 views

CLEANSTART-2026-CR55131 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerabili...

9.8CVSS7.1AI score0.01945EPSS
Exploits2References27
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.12 views

PT-2026-34846

Name of the Vulnerable Software and Affected Versions Kyverno versions prior to 1.18.0 Kyverno versions prior to 1.17.2 Kyverno versions prior to 1.16.4 Description The apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP request...

9.1CVSS5.9AI score0.0056EPSS
Exploits1References11
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.7 views

CVE-2026-33810 vulnerabilities

Vulnerabilities for packages: grafana-operator-fips, nemo, omnibump, victoriametrics-cluster-fips, rabbitmq-messaging-topology-operator-fips, aws-network-policy-agent, smarter-device-manager, karma-fips, aws-privateca-issuer-fips, nodetaint, secrets-store-csi-driver-provider-aws, karpenter,...

8.8CVSS7AI score0.0034EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.8 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: grafana-operator-fips, nemo, omnibump, victoriametrics-cluster-fips, rabbitmq-messaging-topology-operator-fips, aws-network-policy-agent, smarter-device-manager, karma-fips, aws-privateca-issuer-fips, nodetaint, secrets-store-csi-driver-provider-aws, karpenter,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.12 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: nemo, knative-operator-fips, victoriametrics-cluster-fips, beats-fips, nri-consul, quic-go, aws-network-policy-agent, nodetaint, kafkaexporter-fips, atlantis-fips, logstash-exporter, jupyterhub-k8s-image-awaiter-fips, karpenter, kubernetes,...

7.5CVSS6.9AI score0.00621EPSS
Exploits0
OSV
OSV
added 2026/04/10 12:56 a.m.6 views

CLEANSTART-2026-MU81308 gRPC-Go is the Go language implementation of gRPC

Multiple security vulnerabilities affect the kyverno-policy-reporter-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...

9.8CVSS6.8AI score0.01557EPSS
Exploits1References22
Rows per page
Query Builder