3323 matches found
On-Premises API Security on Kubernetes: What It Actually Looks Like in Practice
Let’s Talk About Where Your APIs Actually Run. Quick answer: On-premises API security keeps API discovery, detection, and enforcement inside your own perimeter instead of a third-party cloud, the model regulated industries need. Deploying it natively on Kubernetes sidecar sensors → a discovery...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scs: A wrong parameter was fixed in __scs_magic. The __scs_magic function requires a void * variable, but a struct task_struct * is provided instead. task_scs(tsk) represents the starting address of the task’s shadow call stack, and...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: habanalabs: fixed a possible memory leak in MMU DR fini. This patch corrects what appears to be a copy-paste error. A memory leak will occur if the host-resident shadow is NULL which is likely to happen since the DR and HR are no...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only warnings are issued when overwriting a shadow-present SPTE, specifically when it occurs in direct MMUs. The sanity check of KVM is adjusted to only apply to direct MMUs, i.e., only to MMUs that do not have...
Astra Linux – Vulnerability in Linux 5.15
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible way to bypass shadow stack protection due to a logical error in the code. This could result in a local escalation of privileges without the need for additional execution privileges. User interaction is not required for exploitation...
CVE-2026-47833
setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...
CVE-2026-47833
The CVE-2026-47833 issue affects bpm-release (all versions prior to v1.4.30). A compromised process inside a bpm container can trigger setupBpmLogs to follow a symlink for bpm.log, then perform chown on a host file to the user vcap, enabling container-to-host privilege escalation via the host’s /...
EUVD-2026-37929
setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...
CVE-2026-42488
Some shadow paging error paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...
CVE-2026-42488
CVE-2026-42488 concerns the Xen hypervisor. Some shadow paging error paths can switch page-tables without updating the running vCPU reference, causing a mismatch between loaded page-tables and mapcache metadata and potentially leading to mapcache corruption. Affected products/versions are implied...
CVE-2026-42488 x86: mismatched mapcache metadata
Some shadow paging error paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...
EUVD-2026-37891
Some shadow paging error paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...
CVE-2026-47833 - Symlink vulnerability in setupBpmLogs allows container-to-host privilege escalation via /etc/shadow | Cloud Foundry
Severity: Medium. CVSS score: 6.8 Medium (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/S:U/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N). Vendor: Cloud Foundry Foundation. Versions Affected (severity is Medium unless otherwise noted): bpm-release – All versions prior to v1.4.30. Description: setupBpmLogs follows symlink for bpm.log open and...
NTLM Relay to Self (HTTP to LDAP) - Post Exploitation
This module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, then triggers the WebClient service via an ETW event allowing a low-privilege user to start it, and coerces the local machine account to authenticate via...
Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure
This module exploits a race condition in the Linux kernel do_exit teardown path affecting __ptrace_may_access. During process termination, privileged file descriptors may remain accessible through pidfd_getfd after task->mm becomes NULL, allowing sensitive file disclosure from privileged SUID binaries...
GHSA-RP9W-3FW7-7CWQ DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content
If the HTML you give it contains a <template> element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...
DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content
If the HTML you give it contains a <template> element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...
DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks
Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound instanceof checks. CWE: CWE-79 XSS — Improper Neutralization of Input During Web Page Generation via CWE-693 Protection Mechanism Failure — realm-bound instanceof checks fail-open on foreign-realm DOM nodes and CWE-50...