CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/01 6:0 p.m.•13 views

EUVD-2026-33739

Cvelist•added 2026/06/01 6:0 p.m.•30 views

CVE-2026-30963 Capsule Namespace Hijacking via subresource

3.9CVSS0.00254EPSS

CVE•added 2026/06/01 6:0 p.m.•18 views

CVE-2026-30963

Capsule (a Kubernetes multi-tenancy framework) relied on a webhook to validate namespace updates, but prior to v0.13.0 it did not intercept namespace/status or namespace/finalize subresource changes. This omission enables a tenant with permission to modify those subresources to hijack other names...

Exploits1References2Affected Software1

OSV•added 2026/05/28 5:1 p.m.•5 views

GHSA-2WW6-HF35-MFJM Capsule Namespace Hijacking via subresource

Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a...

Github Security Blog•added 2026/05/28 5:1 p.m.•15 views

Exploits1References4

Capsule Namespace Hijacking via subresource

Exploits1References4Affected Software1

Positive Technologies•added 2026/05/28 12:0 a.m.•10 views

PT-2026-44722

Name of the Vulnerable Software and Affected Versions Capsule versions prior to 0.13.0 Description Capsule uses a webhook to validate update requests targeting namespaces to prevent namespace hijacking. However, the webhook fails to define interception rules for the 'namespace/finalize' and...

Snyk•added 2026/02/12 10:6 p.m.•4 views

Exploits1References9

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...

8.8CVSS6.2AI score0.004EPSS

Snyk•added 2026/02/12 10:6 p.m.•3 views

Arbitrary Code Injection

8.8CVSS6.2AI score0.004EPSS

RedHat Linux•added 2025/03/20 4:53 a.m.•4 views

Important: Red Hat Security Advisory: Gatekeeper v3.18.0

Gatekeeper v3.18.0 Gatekeeper v3.18.0 Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent OPA. Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes...

7.5CVSS6.6AI score0.00868EPSS

Exploits0References8

Github Security Blog•added 2022/08/18 7:2 p.m.•55 views

Duplicate Advisory: KubeVirt arbitrary host file read from the VM

Duplicate Advisory This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references. Original Description Summary As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path travers...

8.7CVSS7.7AI score0.00356EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2022/08/18 12:0 a.m.•3 views

PT-2022-14121 · Kubevirt +1 · Kubevirt +1

Name of the Vulnerable Software and Affected Versions: KubeVirt versions up to 0.56 KubeVirt version 0.55.1 Description: A path traversal vulnerability in KubeVirt allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are...

9.3CVSS8.8AI score0.02737EPSS

Exploits2References35

Tenable Nessus•added 2022/05/10 12:0 a.m.•43 views

Oracle Linux 7 / 8 : olcne / istio / istio (ELSA-2022-9362)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9362 advisory. - Addresses CVE-2022-24726, CVE-2022-24921 istio Tenable has extracted the preceding description block directly from the Oracle Linux security...

7.5CVSS7.3AI score0.03228EPSS

NVD•added 2022/03/10 9:15 p.m.•23 views

CVE-2022-24726

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the...

7.5CVSS0.01529EPSS

Vulnrichment•added 2022/03/10 8:45 p.m.•6 views

CVE-2022-24726 Unauthenticated control plane denial of service attack in Istio

7.5CVSS7.6AI score0.01529EPSS

Veracode•added 2021/09/21 7:22 a.m.•23 views

Information Disclosure

github.com/kubernetes/kubernetes is vulnerable to information disclosure and malicious redirection. If --profiling is enabled on the kube-apiserver, an attacker with a control over a validating or mutating webhook are able to access the kube-apiserver process logs and are able to redirect...

4.1CVSS4.2AI score0.01953EPSS

Exploits0References4Affected Software1

OSV•added 2021/09/20 5:15 p.m.•3 views

DEBIAN-CVE-2020-8561

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...

4.1CVSS5AI score0.01953EPSS

Exploits0References1

OSV•added 2021/09/20 5:15 p.m.•2 views

UBUNTU-CVE-2020-8561

4.1CVSS6.6AI score0.01953EPSS