Lucene search
K

1149 matches found

EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42392

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 3:10 p.m.34 views

CVE-2026-58026 $wgNonincludableNamespaces can be bypassed by embedding redirect in other namespaces

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

0.00369EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-373 LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

Summary A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...

9.3CVSS7.8AI score0.1383EPSS
Exploits5References11
ATTACKERKB
ATTACKERKB
added 2026/06/28 1:32 a.m.9 views

CVE-2026-58053

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
CVE
CVE
added 2026/06/28 1:32 a.m.59 views

CVE-2026-58053

Gitea act_runner (Docker backend) up to act 0.262.0 is vulnerable: the workflow.container.options are merged into the Docker job container HostConfig, and if privileged is set to false, only the Privileged flag is disabled while options such as --pid=host, --cap-add, and --security-opt remain. A ...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 4:11 p.m.9 views

CVE-2026-53077

A flaw was found in the Linux kernel's Reliable Datagram Sockets over InfiniBand RDS/IB component. This vulnerability allowed the use of RDS/IB in network namespaces other than the initial one, where the existing code would not function correctly. This improper operation could lead to unexpected...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/26 1:57 p.m.24 views

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW ," is an out-of-bounds write in the packet-editing action actpedit that corrupts shared page-cache memory. A public, working exploit appeare...

6.1AI score0.00321EPSS
Exploits11
Cvelist
Cvelist
added 2026/06/25 2:39 p.m.31 views

CVE-2026-57438 Nokogiri: Possible Use-After-Free in XInclude Processing

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

5.9CVSS0.00093EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 4:30 p.m.9 views

CVE-2026-53077

The vulnerability CVE-2026-53077 affects the Linux kernel RDS/IB code: it restricted usage to the initial network namespace, with the non-initial namespaces not supported and the existing code likely malfunctioning. Multiple advisories note the issue has been resolved/patched (e.g., Debian/Ubuntu...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Fix: Limit the number of levels of policy namespaces. Currently, the number of policy namespaces is not bounded, relying on the user namespace limit. However, policy namespaces are not strictly tied to user namespaces,...

5.5CVSS5.8AI score0.00181EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:15 p.m.4 views

CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

6CVSS5.9AI score0.00318EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2026/06/23 7:15 p.m.49 views

CVE-2026-54761

Traefik vulnerability CVE-2026-54761 affects the Kubernetes Gateway provider: prior to 3.6.21 and 3.7.5, the crossProviderNamespaces allowlist is checked against backendRef.namespace instead of the HTTPRoute’s own namespace, enabling an attacker in a non-allowlisted namespace to reference interna...

7.1CVSS5.9AI score0.00318EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/06/23 7:15 p.m.1 views

CVE-2026-54761 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

6CVSS6AI score0.00318EPSS
Exploits2References5
Cvelist
Cvelist
added 2026/06/23 7:15 p.m.36 views

CVE-2026-54761 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

6CVSS0.00318EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/06/22 1:54 p.m.8 views

CVE-2026-52909

A flaw was found in the Linux kernel, specifically within the IPv6 Virtual Tunnel Interface ip6vti component. This vulnerability occurs because a critical flag, netnsimmutable, is not properly set on a specific network device ip6vti0 when it is initialized. This oversight could allow the device t...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
OSV
OSV
added 2026/06/19 9:42 p.m.6 views

GHSA-MWR2-WMGP-CRJ6 OpenBao's System Backend allows Unauthorized Management of the containing Namespace

Summary A user that is granted namespace management /sys/namespaces capabilities within a non-root namespace "the victim namespace" can abuse special handling of the literal path "root" in namespace path canonicalization to manage the victim namespace itself. Details Several endpoints under...

2.3CVSS6AI score
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: fix ref leak when switching zones When switching zones or network namespaces without performing a ct clear between them, a reference to the old ct entry is still leaked. This occurs because tcfctskbnfctcached...

5.5CVSS6.1AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 6:14 p.m.4 views

GHSA-GWXR-7H77-7777 Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected

Summary Capsule v0.13.2 webhook rules contain namespace/finalize singular instead of namespaces/finalize plural. K8s requires plural. The finalize defense from CVE-2026-30963 fix is absent. Details PUT to /api/v1/namespaces//finalize has resource=namespaces plural. The singular rule never matches...

5.7CVSS5.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/17 2:1 p.m.14 views

Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...

7.1CVSS5.2AI score0.00318EPSS
Exploits2References4Affected Software3
OSV
OSV
added 2026/06/17 2:1 p.m.8 views

GHSA-3G6V-2R68-PRFC Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...

6CVSS5.2AI score0.00318EPSS
Exploits2References4
Rows per page
Query Builder