Lucene search
K

1428 matches found

Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-54784 CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session...

7.4CVSS0.00175EPSS
Exploits0References4
CVE
CVE
added 6 days ago24 views

CVE-2026-54784

CoreWCF CVE-2026-54784 affects CoreWCF 1.9.0 where SPNEGO SecurityContextToken proof key recovered from the RSTR can be observed when using TransportWithMessageCredential with Windows client credentials, enabling impersonation of the Windows principal and decryption/forgery of WS‑SecureConversati...

7.4CVSS6AI score0.00175EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 8:27 p.m.2 views

CVE-2026-54765 Traefik: Gateway HTTPRoute backendRef filters can leak backend context across routes sharing a Service:port

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS5.9AI score0.00346EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/07/02 12:22 p.m.5 views

CVE-2026-46680

A flaw was found in containerd, an open-source container runtime. Containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This vulnerability allows a crafted container image to bypass the Kubernetes runAsNonRoot restrictio...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/30 8:19 p.m.31 views

CVE-2025-36321 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7CVSS0.00407EPSS
Exploits0References1
Circl
Circl
added 2026/06/26 10:11 p.m.7 views

CVE-2026-53576

creationtimestamp| type| source ---|---|--- 2026-06-26 22:11:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp7xlajhsm2c 2026-06-27 20:00:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mpcar4z6g52m 2026-06-29 19:25:26+00:00| seen|...

10CVSS5.8AI score0.00472EPSS
Exploits2References5
OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5072 Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure in github.com/argoproj/argo-workflows

Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure in github.com/argoproj/argo-workflows...

8.1CVSS5.8AI score0.00424EPSS
Exploits2References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the owner of the durable handle upon reconnection. Currently, ksmbd does not verify whether the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any...

8.8CVSS5.8AI score0.00437EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/10 7:22 p.m.4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ValidatePodSpecSafety and ValidateContainerSafety processes. An attacker can gain elevated privileges and modify the system clock across tenant boundaries by adding CAPSYSTIME to the...

8.5CVSS5.8AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 6:17 p.m.17 views

CVE-2026-50570

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs ValidatePodSpecSafety /...

8.5CVSS0.00274EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 5:34 p.m.13 views

EUVD-2026-36074

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs ValidatePodSpecSafety /...

8.5CVSS5.5AI score0.00274EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 5:34 p.m.21 views

CVE-2026-50570

Fission prior to v1.25.0 allowed tenant-created Function/Environment CRDs to request securityContext.capabilities.add: ["SYS_TIME"] despite a fixed denylist (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The validation/merge-layer sanitization did not block CAP_SYS...

8.5CVSS5.5AI score0.00274EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 5:29 p.m.27 views

CVE-2026-50566

Fission prior to v1.24.0 is affected: a tenant with environments.fission.io create/update RBAC could run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor’s high-privilege service account. This enable...

9.9CVSS5.4AI score0.0029EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48515

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs ValidatePodSpecSafety /...

8.5CVSS5.5AI score0.00274EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/09 1:29 a.m.20 views

krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of...

7.5CVSS5.5AI score0.00501EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.4AI score0.00424EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.16 views

PT-2026-48902

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description Netty is a network application framework used for developing protocol servers and clients. The SimpleTrustManagerFactory.engineGetTrustManagers function and...

7.8CVSS5.3AI score0.00269EPSS
Exploits0References67
Github Security Blog
Github Security Blog
added 2026/06/03 9:37 p.m.12 views

Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering

Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details The server interpolates...

6.2AI score0.00062EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.22 views

PT-2026-46126

Name of the Vulnerable Software and Affected Versions jupyter enterprise gateway versions prior to 3.3.0 Description Unsafe Jinja2 template rendering allows for Kubernetes manifest injection. The server interpolates untrusted environment variables such as KERNEL XXX into Kubernetes manifests...

10CVSS6.3AI score0.00062EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/05/30 2:12 a.m.11 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References1
Rows per page
Query Builder