52 matches found
CVE-2026-50566
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability...
CVE-2026-50564
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...
CVE-2026-50566
Fission prior to v1.24.0 is affected: a tenant with environments.fission.io create/update RBAC could run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor’s high-privilege service account. This enable...
CVE-2026-50566 Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability...
EUVD-2026-36102
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability...
LXD: Importing a crafted backup leads to project restriction bypass
Summary LXD instance backup import validates project restrictions against backup/index.yaml embedded in the tar archive, but creates the actual instance from backup/container/backup.yaml extracted to the storage volume. Because these are separate, independently attacker-controlled files within th...
GHSA-Q96J-3FMM-7FV4 LXD: Importing a crafted backup leads to project restriction bypass
Summary LXD instance backup import validates project restrictions against backup/index.yaml embedded in the tar archive, but creates the actual instance from backup/container/backup.yaml extracted to the storage volume. Because these are separate, independently attacker-controlled files within th...
Improper Validation of Consistency within Input
Overview Affected versions of this package are vulnerable to Improper Validation of Consistency within Input through the internalImportFromBackup process in lxd/apiinternal.go. An attacker can create a backup archive with a benign backup/index.yaml and a malicious backup/container/backup.yaml, th...
GO-2026-4590 Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user in github.com/rancher/rancher
Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
MiracleLinux 7 : podman-1.6.4-29.el7 (AXSA:2021-1611:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1611:02 advisory. podman: container users permissions are not respected in privileged containers CVE-2021-20188 Tenable has extracted the preceding description block directly...
MiracleLinux 8 : container-tools:2.0 (AXSA:2021-1557:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1557:01 advisory. podman: container users permissions are not respected in privileged containers CVE-2021-20188 Tenable has extracted the preceding description block directly...
MiracleLinux 8 : container-tools:1.0 (AXSA:2021-1556:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1556:01 advisory. podman: container users permissions are not respected in privileged containers CVE-2021-20188 Tenable has extracted the preceding description block directly...
EUVD-2021-1027
Malware in sbrugna...
EUVD-2024-54979
Malicious code in bioql PyPI...
CVE-2024-47120
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges...
IBM Security Verify Information Queue security vulnerability
IBM Security Verify Information Queue is a microservices architecture integration platform that leverages Kafka technology and a publish/subscribe model to integrate data between IBM Security products, acting as a cross-product data exchange hub. An elevation of privilege vulnerability exists in I...
SUSE CVE-2024-48921
Kyverno is a policy engine designed for Kubernetes. A Kyverno ClusterPolicy, i.e. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this...
GHSA-QJVC-P88J-J9RM Kyverno's PolicyException objects can be created in any namespace by default
Summary A Kyverno ClusterPolicy, i.e. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. Details By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to...
Kyverno's PolicyException objects can be created in any namespace by default
Summary A Kyverno ClusterPolicy, i.e. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. Details By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to...
CVE-2024-48921 Kyverno's PolicyException objects can be created in any namespace by default
Kyverno is a policy engine designed for Kubernetes. A Kyverno ClusterPolicy, i.e. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this...