5 matches found
BIT-KYVERNO-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...
CVE-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...
CVE-2021-33057
The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...
Tencent QQ Security Vulnerability
Tencent QQ is a multi-platform instant messaging software from China's Tencent. It supports text, voice and video chatting, as well as file sharing, network hard disk, mailboxes, games, forums, online shopping, renting and job hunting. A security vulnerability exists in Tencent QQ version 8.7.1,...
PT-2022-10197 · Tencent · Qq
Name of the Vulnerable Software and Affected Versions: QQ application version 8.7.1 Description: The issue concerns the QQ application's failure to enforce permission requirements for determining a device's physical location, such as android.permission.ACCESS_FINE_LOCATION. An attacker can exploi...