12 matches found
EUVD-2026-25382
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...
CVE-2026-6388
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
CVE-2026-6388
The CVE describes a vulnerability in ArgoCD Image Updater where a user with rights to create/modify an ImageUpdater in a multi-tenant environment can bypass namespace boundaries due to insufficient validation. This leads to cross-namespace privilege escalation and unauthorized image updates on ap...
CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the varlink process. An attacker can gain elevated privileges by leveraging access to the root namespace. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Advisor...
GO-2026-4381 Kyverno Cross-Namespace Privilege Escalation via Policy apiCall in github.com/kyverno/kyverno
Kyverno Cross-Namespace Privilege Escalation via Policy apiCall in github.com/kyverno/kyverno...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.1.1.1)
The version of AOS installed on the remote host is prior to 7.1.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.1.1.1 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.1)
The version of AHV installed on the remote host is prior to AHV-10.3.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.1 advisory. - A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data...
EUVD-2014-9524
Malware in sbrugna...
CVE-2025-54996 OpenBao Root Namespace Operator May Elevate Token Privileges
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...
PT-2021-23416 · Hashicorp +1 · Hashicorp Consul Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul Enterprise versions prior to 1.8.17 HashiCorp Consul Enterprise versions 1.9.x prior to 1.9.11 HashiCorp Consul Enterprise versions 1.10.x prior to 1.10.4 Description: The issue concerns Incorrect Access Control, where an ACL...
Cross Namespace Escalation
github.com/kubernetes/kubernetes is vulnerable to cross namespace escalation attacks. A malicious user can submit a HPA request against another namespace that they have no permissions on and use it to manipulate resources...