42 matches found

Github Security Blog
added 2026/03/03 2:50 p.m. | 10 views

Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)

Impact: An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw in the authorization logic allows privilege escalation through cluster role template binding (CRTB) and project role template binding (PRTB). This issue does not affect the local cluster, it affects onl...

9.1 CVSS | 7 AI score | 0.00813 EPSS
Exploits 1 | References 4 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2004-0318

Malware in sbrugna...

10 CVSS | 6.4 AI score | 0.04243 EPSS
Exploits 1 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-10231

Malicious code in bioql PyPI...

7.3 CVSS | 8.4 AI score | 0.01154 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-10234

Malicious code in bioql PyPI...

6.8 CVSS | 8.4 AI score | 0.0103 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 22 views

EUVD-2023-1854

Malicious code in bioql PyPI...

9.9 CVSS | 8.4 AI score | 0.00715 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-42343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or...

9.8 CVSS | 7.6 AI score | 0.02876 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 5:52 a.m. | 10 views

CVE-2023-22647

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this...

9.9 CVSS | 6.5 AI score | 0.00715 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/04/10 8:20 p.m. | 13 views

CVE-2025-25002

Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network...

6.8 CVSS | 6.3 AI score | 0.0103 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/04/10 5:44 p.m. | 7 views

CVE-2025-26628

Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally...

7.3 CVSS | 6.4 AI score | 0.01154 EPSS
Exploits 0 | References 3

BDU FSTEC
added 2025/04/10 12:0 a.m. | 3 views

The vulnerability of the Kubernetes cluster deployment and management software on Azure Local Cluster infrastructure lies in the exposure of password values in log files, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Kubernetes cluster deployment and management software on Azure Local Cluster infrastructure is related to the disclosure of password values in log files. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from ...

7.7 CVSS | 7.6 AI score | 0.0103 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2025/04/10 12:0 a.m. | 6 views

The vulnerability of the Kubernetes cluster deployment and management software on Azure Local Cluster infrastructure lies in the insufficient protection of registration data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Kubernetes cluster deployment and management software on Azure Local Cluster infrastructure is related to insufficient protection for registration data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

7.3 CVSS | 7.6 AI score | 0.01154 EPSS
Exploits 0 | References 2

NCSC
added 2025/04/08 6:53 p.m. | 5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure products. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges and gain access to sensitive data. The vulnerability with reference CVE-2025-27489 allows the malicious party, by loading a non-Microsoft DLL...

7.8 CVSS | 7.1 AI score | 0.01154 EPSS
Exploits 0

OSV
added 2025/04/08 6:15 p.m. | 2 views

CVE-2025-25002

Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network...

5.7 CVSS | 7.2 AI score | 0.0103 EPSS
Exploits 0 | References 1

OSV
added 2025/04/08 6:15 p.m. | 0 views

CVE-2025-26628

Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally...

5.5 CVSS | 7.2 AI score | 0.01154 EPSS
Exploits 0 | References 1

NVD
added 2025/04/08 6:15 p.m. | 8 views

CVE-2025-25002

Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network...

6.8 CVSS | 0.0103 EPSS
Exploits 0 | References 1

NVD
added 2025/04/08 6:15 p.m. | 6 views

CVE-2025-26628

Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally...

7.3 CVSS | 0.01154 EPSS
Exploits 0 | References 1

CVE
added 2025/04/08 5:23 p.m. | 77 views

CVE-2025-26628

Technical details about CVE-2025-26628 are not publicly provided in the connected documents; no specific affected product versions, root cause, or fixes are disclosed here. Monitor for updates.

7.3 CVSS | 6.8 AI score | 0.01154 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2025/04/08 5:23 p.m. | 11 views

CVE-2025-26628 Azure Local Cluster Information Disclosure Vulnerability

...

7.3 CVSS | 0.01154 EPSS
Exploits 0 | References 1

Cvelist
added 2025/04/08 5:23 p.m. | 11 views

CVE-2025-25002 Azure Local Cluster Information Disclosure Vulnerability

...

6.8 CVSS | 0.0103 EPSS
Exploits 0 | References 1

CVE
added 2025/04/08 5:23 p.m. | 87 views

CVE-2025-25002

CVE-2025-25002 affects Azure Local Cluster and involves insertion of sensitive information into log files, enabling an authorized attacker to disclose data over an adjacent network. The connected documents confirm the Azure Local Cluster as the vulnerable component and describe the impact as data...

6.8 CVSS | 6.6 AI score | 0.0103 EPSS
Exploits 0 | References 1 | Affected Software 1