3 matches found
CVE-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)
Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...
Prebid-universal-creative latest on npm briefly compromised
Impact Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware detailed in the blog post below. This includes the extremely popular jsdelivr hosting of this file. Patches We unpublished the version on npm. Workarounds This has already been unpublished. See Prebid.js ...
Improper Isolation or Compartmentalization
Overview promptflow-core is a Prompt flow core Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization due to improper isolation or compartmentalization in the handling of Jinja templates. Remediation Upgrade promptflow-core to version 1.17.2 or higher...