SUSE CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

SUSE CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

Unauthenticated Admission Webhook Endpoints in Yoke ATC

Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

CVE-2026-26056 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

CVE-2026-26055 Unauthenticated Admission Webhook Endpoints in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

PT-2026-7906

Name of the Vulnerable Software and Affected Versions Yoke versions 0.19.0 and earlier Description Yoke's Air Traffic Controller ATC component contains a flaw that allows users with Custom Resource CR create/update permissions to execute arbitrary WASM code. This is achieved by injecting a...

PT-2026-7905

Name of the Vulnerable Software and Affected Versions Yoke versions 0.18.x and earlier Description The Air Traffic Controller ATC component of Yoke lacks proper authentication mechanisms for its webhook endpoints. This allows any pod within the cluster network to send AdmissionReview requests...

yoke 访问控制错误漏洞

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained an access control vulnerability. This vulnerability stemmed from the lack of proper authentication mechanisms in the Webhook endpoints of the Air Traffic Controller component, allowing any...

yoke 代码注入漏洞

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...

EUVD-2016-3254

Malware in sbrugna...

CVE-2024-38944

An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component...

Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)

Exploit Title: Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution RCE Google Dork: N/A Date: 07/09/2024 Exploit Author: Andrew Lemon/Red Threat https://redthreatsec.com Vendor Homepage: https://www.q-free.com Software Link: N/A Version: 1.9 Tested on: Intelight x-1 Linux...

CVE-2024-38944

An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component...

CVE-2024-38944

An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component...

CVE-2024-38944

CVE-2024-38944 affects Intelight X-1L Traffic Controller Maxtime v1.9.6. A remote attacker can execute arbitrary code through the web-based UI endpoint "/cgi-bin/generateForm.cgi?formID=142". Multiple sources corroborate RCE potential (e.g., ExploitDB report references remote code execution; vend...