Lucene search
+L

980 matches found

OSV
OSV
added 2026/06/25 6:43 p.m.9 views

GO-2026-5337 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) in github.com/kyverno/kyverno

Kyverno: Cross-Namespace Read Bypasses RBAC Isolation CVE-2026-22039 Incomplete Fix in github.com/kyverno/kyverno...

7.7CVSS5.8AI score0.00266EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/06/24 8:38 p.m.11 views

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS6AI score0.00122EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 2:16 p.m.14 views

CVE-2026-44046

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

5.8CVSS0.00314EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:9 p.m.13 views

EUVD-2026-38014

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS5.8AI score0.00314EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:9 p.m.41 views

CVE-2026-44046

Apache APISIX is affected by CVE-2026-44046 due to a Less Trusted Source issue in the wolf-rbac plugin under default configuration. Affected versions: 1.2.0 through 3.16.0. Exploitation can allow spoofed identity information to be logged and potentially bypass or abuse IP-based access controls. T...

5.8CVSS5.8AI score0.00314EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 1:9 p.m.4 views

CVE-2026-44046 Apache APISIX: wolf-rbac plugin Identity Spoofing

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS5.9AI score0.00314EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/19 3:54 a.m.13 views

CVE-2026-55226

When deploying only the Topic Operator or only the User Operator via the Kafka custom resource, the Entity Operator's ServiceAccount retains RBAC rights for both operators rather than scoping permissions to the one actually deployed. This allows the ServiceAccount to access KafkaUser custom...

5.4CVSS5.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50883

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 1.2.0 through 3.16.0 Description A Use of Less Trusted Source issue exists where an attacker can leverage the wolf-rbac plugin under default configuration. This allows for the potential pollution of logs with spoofed...

5.8CVSS5.9AI score0.00314EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/18 11:13 a.m.13 views

CVE-2026-55225

When the Strimzi cluster operator is deployed with watchAnyNamespace=true or a multi-namespace list, any namespace editor can set Kafka.spec.entityOperator.userOperator.watchedNamespace or topicOperator.watchedNamespace to an arbitrary namespace. The cluster operator then creates a Role granting...

8CVSS5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50604

Name of the Vulnerable Software and Affected Versions Capsule version 0.13.2 Description A typo in the webhook rules of the software causes a failure in the defense mechanism for the namespaces/finalize subresource. The configuration uses the singular namespace/finalize instead of the plural...

5.7CVSS5.9AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.10 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenStack Keystone vulnerabilities (USN-8433-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8433-1 advisory. It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An...

8.8CVSS5.9AI score0.00456EPSS
Exploits6References8
Ubuntu
Ubuntu
added 2026/06/16 1:45 p.m.12 views

USN-8433-1: OpenStack Keystone vulnerabilities

It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. CVE-2026-33551 It was discovered...

8.8CVSS5.8AI score0.00456EPSS
Exploits6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 6:9 a.m.20 views

Malicious code in rbac-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfd069b5aee6494b5fb19754ecc7a98fd39d282a9ea458c46e0bd7045e2c19cb The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/16 6:9 a.m.17 views

MAL-2026-5873 Malicious code in rbac-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfd069b5aee6494b5fb19754ecc7a98fd39d282a9ea458c46e0bd7045e2c19cb The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References3
EUVD
EUVD
added 2026/06/11 6:35 p.m.10 views

EUVD-2026-36287

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS5.3AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 6:35 p.m.37 views

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS0.00267EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 6:35 p.m.3 views

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS5.9AI score0.00267EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 7:9 p.m.3 views

CVE-2026-46484 Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS5.9AI score0.00374EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/05 8:35 p.m.22 views

Shopper: Authorization bypass and RBAC privilege escalation in team settings

Impact Two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system: - Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users,...

9.9CVSS5.7AI score0.00321EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/04 12:13 a.m.15 views

CVE-2026-42999

A flaw was found in OpenStack Keystone. This vulnerability allows an authenticated user to bypass Role-Based Access Control RBAC checks by injecting arbitrary policy target attributes into the request body. This enables the user to perform unauthorized operations on resources belonging to other...

8.8CVSS5.9AI score0.00329EPSS
Exploits1References5
Rows per page
Query Builder