11 matches found
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: tailscale, ingress-nginx-controller, flux-image-automation-controller, flux-source-controller, aws-load-balancer-controller, local-path-provisioner, nodetaint, dkron, secrets-store-csi-driver-provider-aws, actions-runner-controller, flux-notification-controller,...
EUVD-2026-17133
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator are affected by an SSRF vulnerability via the chartURL field of ResourceComposition resources. The field is only URL-encoded, with no validation of the target address. More critically, kubeconfiggenerator concatenates the chartURL di...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...
KubePlus security vulnerability
KubePlus is a Kubernetes multi-tenant application management platform developed by cloud-ark. KubePlus 4.1.4 contains security vulnerabilities, which stem from server-side request forgery and command injection during the processing of the chartURL field by the mutating webhook and...
CVE-2025-47907 vulnerabilities
Vulnerabilities for packages: bazelisk, kube-arangodb, skopeo, nri-postgresql, opentofu, cert-manager-istio-csr, gh, datadog-agent, ini-file, s5cmd, falcosidekick, timescaledb-parallel-copy, apko, minio-operator, newrelic-nri-kube-events, terraform-provider-azapi, opentelemetry-collector, gitness...
CRI-O vulnerable to an arbitrary systemd property injection
Impact: On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...
GHSA-2CGQ-H8XW-2V5J CRI-O vulnerable to an arbitrary systemd property injection
Impact: On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...
Information Disclosure
github.com/kubernetes/kubernetes is vulnerable to information disclosure and malicious redirection. If --profiling is enabled on the kube-apiserver, an attacker with control over a validating or mutating webhook is able to access the kube-apiserver process logs and is able to redirect...
DEBIAN-CVE-2020-8561
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...
UBUNTU-CVE-2020-8561
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...