31 matches found

Positive Technologies
added 5 days ago · 11 views

PT-2026-51058

Name of the Vulnerable Software and Affected Versions: containerd versions prior to 2.1.9; containerd versions prior to 2.2.5; containerd versions prior to 2.3.2. Description: The CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image...

CVSS 8.4 · AI score 6
Exploits 0 · References 5
Positive Technologies
added 2026/06/03 12:00 a.m. · 9 views

PT-2026-46091

Summary: The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details: The server interpolates...

CVSS 10 · AI score 6.2
Exploits 0 · References 3
NVD
added 2026/06/01 3:16 p.m. · 13 views

CVE-2026-10533

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that...

CVSS 5 · EPSS 0.0023
Exploits 0 · References 2
Snyk
added 2026/05/21 1:56 p.m. · 10 views

Externally Controlled Reference to a Resource in Another Sphere

Overview: Affected versions of this package are vulnerable to Externally Controlled Reference to a Resource in Another Sphere via the Build resource creation. An attacker can gain unauthorized control over pod generation in arbitrary Kubernetes namespaces, including the operator namespace, by...

CVSS 8.6 · AI score 5.9 · EPSS 0.00325
Exploits 0 · References 2
CNNVD
added 2026/05/21 12:00 a.m. · 6 views

Apache Camel K Security Vulnerability

Apache Camel K is an integration and runtime platform for Kubernetes and cloud-native environments developed by the Apache Foundation. Vulnerabilities exist in versions of Apache Camel K from 2.0.0 to 2.8.1, as well as in versions 2.9.0 to 2.9.2 and 2.10.0 to 2.10.1. These vulnerabilities stem fr...

CVSS 8.1 · AI score 5.8 · EPSS 0.00325
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-1081

Malicious code in bioql PyPI...

CVSS 4.9 · AI score 4.7 · EPSS 0.0075
Exploits 0 · References 12
EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2025-18894

Malicious code in bioql PyPI...

CVSS 2.7 · AI score 7.6 · EPSS 0.0065
Exploits 0 · References 7
Tenable Nessus
added 2025/08/30 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-4563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the...

CVSS 2.7 · AI score 7.8 · EPSS 0.0065
Exploits 0 · References 2
Veracode
added 2025/06/25 7:13 a.m. · 5 views

Privilege Escalation

k8s.io/kubernetes is vulnerable to Privilege escalation. The vulnerability is due to missing authorization checks during pod creation for dynamic resource claims, allowing a compromised node to create mirror pods that access unauthorized resources...

CVSS 2.7 · AI score 7 · EPSS 0.0065
Exploits 0 · References 8 · Affected Software 1
SUSE CVE
added 2025/06/23 11:21 p.m. · 5 views

SUSE CVE-2025-4563

A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to...

CVSS 2.7 · AI score 7 · EPSS 0.0065
Exploits 0 · References 3
Snyk
added 2025/06/23 6:30 p.m. · 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the NodeRestriction admission controller process. An attacker can access unauthorized dynamic resources by creating mirror pods during pod creation when the DynamicResourceAllocation feature gate is enabled...

CVSS 5.1 · AI score 6.9 · EPSS 0.0065
Exploits 0 · References 2
OSV
added 2025/06/23 4:15 p.m. · 3 views

DEBIAN-CVE-2025-4563

A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to...

CVSS 2.7 · AI score 6.2 · EPSS 0.0065
Exploits 0 · References 1
OSV
added 2025/06/23 4:15 p.m. · 2 views

UBUNTU-CVE-2025-4563

A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to...

CVSS 2.7 · AI score 6.6 · EPSS 0.0065
Exploits 0 · References 3
Veracode
added 2025/03/20 10:32 a.m. · 9 views

Unauthorised Access

k8s.io/kubernetes is vulnerable to Unauthorized Access. The vulnerability is due to improper isolation of gitRepo volumes, which allows users with pod creation permissions to access git repositories from other pods on the same node...

CVSS 6.5 · AI score 6.5 · EPSS 0.00516
Exploits 0 · References 6 · Affected Software 1
SUSE CVE
added 2024/12/21 1:24 a.m. · 3 views

SUSE CVE-2023-3676

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes...

CVSS 8.8 · AI score 7 · EPSS 0.11668
Exploits 1 · References 3
SUSE CVE
added 2024/12/21 1:23 a.m. · 1 view

SUSE CVE-2023-3955

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes...

CVSS 8.8 · AI score 7 · EPSS 0.03392
Exploits 1 · References 3
Positive Technologies
added 2024/12/17 12:00 a.m. · 7 views

PT-2024-39837 · Unknown +1 · Open Cluster Management +1

Name of the Vulnerable Software and Affected Versions: Open Cluster Management (OCM), affected versions not specified. Description: A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manag...

CVSS 9.9 · AI score 6 · EPSS 0.75197
Exploits 5 · References 66
NVD
added 2023/11/14 9:15 p.m. · 26 views

CVE-2023-5528

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...

CVSS 8.8 · EPSS 0.03578
Exploits 0 · References 6
SUSE CVE
added 2023/11/07 1:49 a.m. · 1 view

SUSE CVE-2023-3893

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy...

CVSS 8.8 · AI score 8.9 · EPSS 0.02864
Exploits 0 · References 3
OSV
added 2023/11/03 6:15 p.m. · 4 views

DEBIAN-CVE-2023-3893

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy...

CVSS 8.8 · AI score 8.2 · EPSS 0.02864
Exploits 0 · References 1