Lucene search
K

4 matches found

EUVD
EUVD
added 2026/04/24 3:14 a.m.6 views

EUVD-2026-25382

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

9.9CVSS7.5AI score0.00516EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/14 8:6 p.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...

7.7CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 8:6 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...

7.7CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 8:6 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...

7.7CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder