Lucene search
K

272 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 7:10 p.m.6 views

CVE-2026-11769

A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...

8.8CVSS5.7AI score0.00361EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 6:16 p.m.4 views

GHSA-GC3J-79F2-7VVW Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance

Summary A low-privilege developer who could create a KubernetesWatchTrigger KWT in their own namespace was able to establish a persistent surveillance channel over any other namespace. Details Two independent flaws compounded: 1. pkg/kubewatcher/kubewatcher.go::createKubernetesWatch used...

7.7CVSS5.8AI score0.00231EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/19 8:51 p.m.12 views

EUVD-2026-36641

Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName...

6.4CVSS5.8AI score0.00361EPSS
Exploits0References3
CVE
CVE
added 2026/06/13 4:17 a.m.78 views

CVE-2026-11769

Grafana Operator

8.8CVSS6.1AI score0.00361EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

EulerOS 2.0 SP11 : kata-containers (EulerOS-SA-2026-2208)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References2
OSV
OSV
added 2026/06/05 4:32 p.m.4 views

GHSA-JJRM-HR5F-673X Source controller: Improper path handling allows traversal

Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...

5.3CVSS5.6AI score0.00052EPSS
Exploits0References4
Fedora
Fedora
added 2026/06/02 1:11 a.m.20 views

[SECURITY] Fedora 43 Update: unbound-1.25.1-1.fc43

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

10CVSS5.8AI score0.01272EPSS
Exploits0
NVD
NVD
added 2026/06/01 7:16 p.m.22 views

CVE-2026-30963

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

3.9CVSS0.00202EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/01 6:0 p.m.35 views

CVE-2026-30963 Capsule Namespace Hijacking via subresource

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

3.9CVSS0.00202EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/01 6:0 p.m.18 views

EUVD-2026-33739

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References2
OSV
OSV
added 2026/06/01 6:0 p.m.3 views

CVE-2026-30963 Capsule Namespace Hijacking via subresource

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

3.9CVSS6AI score0.00202EPSS
Exploits1References4
CVE
CVE
added 2026/06/01 6:0 p.m.28 views

CVE-2026-30963

Capsule (a Kubernetes multi-tenancy framework) relied on a webhook to validate namespace updates, but prior to v0.13.0 it did not intercept namespace/status or namespace/finalize subresource changes. This omission enables a tenant with permission to modify those subresources to hijack other names...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/28 5:1 p.m.6 views

GHSA-2WW6-HF35-MFJM Capsule Namespace Hijacking via subresource

Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/28 5:1 p.m.20 views

Capsule Namespace Hijacking via subresource

Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.20 views

PT-2026-44722

Name of the Vulnerable Software and Affected Versions Capsule versions prior to 0.13.0 Description Capsule uses a webhook to validate update requests targeting namespaces to prevent namespace hijacking. However, the webhook fails to define interception rules for the 'namespace/finalize' and...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References9
Fedora
Fedora
added 2026/05/26 12:56 a.m.15 views

[SECURITY] Fedora 44 Update: unbound-1.25.1-1.fc44

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

10CVSS5.8AI score0.01272EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:5 p.m.11 views

CVE-2026-41584

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS5.7AI score0.00268EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/08 3:5 p.m.3 views

CVE-2026-41584 ZEBRA: rk Identity Point Panic in Transaction Verification

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS5.9AI score0.00268EPSS
Exploits0References3
Amazon
Amazon
added 2026/04/30 12:0 a.m.13 views

Important: rclone

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS7.6AI score0.01557EPSS
Exploits1
Snyk
Snyk
added 2026/04/16 9:38 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References2
Rows per page
Query Builder