Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated host-callback APIs kubernetes/ingresses, kubernetes/namespaces, and kubernetes/services. An attacker can gain unauthorized read access to Ingresses, Namespaces, and Services resources across al...
PT-2026-24144
Name of the Vulnerable Software and Affected Versions: Kubewarden versions prior to 1.33.0 Description: Kubewarden is a policy engine for Kubernetes. An attacker with privileged "AdmissionPolicy" create permissions could leverage three deprecated host-callback APIs: kubernetes/ingresses,...
PT-2023-24664 · Unknown +1 · Kubernetes +3
Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.10.0 Description: The issue allows resources with the deletionTimestamp field defined to bypass validate, generate, or mutate-existing policies, even when the validationFailureAction field is set to Enforce. This...
HarmonyOS Privilege Bypass Vulnerability
HarmonyOS is a distributed operating system for all scenarios developed by Huawei, a Chinese company. A privilege bypass vulnerability exists in a component API of HarmonyOS 2.0. A local attacker could exploit the vulnerability to repeatedly issue commands that could exhaust system service...
CVE-2021-22294
A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources...
CVE-2021-22294
HarmonyOS 2.0 contains a component API permission bypass vulnerability that allows a local attacker to issue commands repeatedly, exhausting system service resources. Affected element: HarmonyOS 2.0 component API. Impact: potential resource exhaustion on local access. Root cause described as a pe...