19 matches found
EUVD-2025-26142
Malicious code in bioql PyPI...
CVE-2025-34160
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...
CVE-2025-34160
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...
CVE-2025-34160 AnyShare ServiceAgent API Unauthenticated RCE
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...
CVE-2025-34160
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...
CVE-2025-34160 AnyShare ServiceAgent API Unauthenticated RCE
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...
CVE-2025-34160
CVE-2025-34160 affects AnyShare via the ServiceAgent API exposed on port 10250. The endpoint "/api/ServiceAgent/start_service" accepts POST input and fails to sanitize command-like payloads, enabling unauthenticated remote code execution (RCE) when an attacker injects shell syntax that is execute...
PT-2025-34943 · Anyshare · Anyshare
Name of the Vulnerable Software and Affected Versions: AnyShare affected versions not specified Description: AnyShare contains a critical unauthenticated remote code execution issue in the ServiceAgent API exposed on port 10250. The /api/ServiceAgent/start service endpoint accepts user-supplied...
VulnCheck KEV: CVE-2025-34160
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...
SUSE CVE-2020-8551
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on...
GHSA-QHM4-JXV7-J9PQ Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on...
CVE-2021-20198
A flaw was found in the OpenShift Installer. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated /exec...
Red Hat OpenShift Container Platform Access Control Error Vulnerability
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that enable organizations to develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. An access control error vulnerability exists in Re...
DEBIAN-CVE-2020-8551
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on...
CVE-2020-8551
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on...
CVE-2020-8551
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on...
Denial Of Service (DoS)
github.com/kubernetes/kubernetes is vulnerable to denial of service. A remote attacker is able to crash the application via a malicious request to the unauthenticated HTTP read-only API that is typically served on port 10255, and the authenticated HTTPS API typically served on port 10250...
Kubolt - Utility For Scanning Public Kubernetes Clusters
Kubolt is a simple utility for scanning public unauthinticated kubernetes clusters and run commands inside containers. Why? Sometimes, the kubelet port 10250 is open to unauthorized access and makes it possible to run commands inside the containers using getrun function from kubelet: // getRun...
Kubernetes unprivileged API access
A remote, unauthenticated attacker is able to leverage API calls to execute commands and scripts or gain shell access via port 10250 https %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid110768; scriptversion"1.5";...