4 matches found
CVE-2025-5187
A vulnerability was found in the kube-apiserver's NodeRestriction admission controller, where node users can delete their corresponding node object by setting their own OwnerReference to a cluster-scoped resource. This flaw allows an attacker to delete and recreate its node object, leading to the...
PT-2025-33265
Name of the Vulnerable Software and Affected Versions: kube-apiserver versions 1.31.11 and earlier; kube-apiserver versions 1.32.7 and earlier; kube-apiserver versions 1.33.3 and earlier. Description: Compromised nodes can delete themselves and relabel via OwnerReferences. An attacker who has gained...
Malicious code in @takamol/qiwa-api-client (npm)
Source: ghsa-malware ca7ba01a4644646c8bbbd516eff9a3c51df7457629561f446c37ab76f428bf6a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Kubernetes: Node Validation Admission does not observe all oldObject fields
Summary: The Validating Admission webhook for Node Objects is passing oldObject fields incorrectly on AdmissionReview.Request. It was identified initially in metadata.labels, but a list of impacted fields follows below: oldNode.Spec.PodCIDRs, oldNode.Spec.ProviderID, oldNode.Spec.ConfigSource...