Improper Input Validation

github.com/kcp-dev/kcp is vulnerable to improper input validation. The vulnerability is due to missing UPDATE validation in the initializingworkspaces virtual workspace, which allows an attacker with access to run arbitrary patches on the status field of LogicalCluster objects...

GO-2025-3985 kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp

kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp...

EUVD-2025-31346

Malicious code in bioql PyPI...

GHSA-Q6HV-WCJR-WP8H kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace

Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...

kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace

Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...

SUSE CVE-2025-29922

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

GO-2025-3538 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp

kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround This vulnerability ca...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround This vulnerability ca...

CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

PT-2025-12365

Name of the Vulnerable Software and Affected Versions kcp versions prior to 0.26.3 Description The issue allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources, even if there is no APIBinding in that workspace or the...

kcp 授权问题漏洞

kcp is kcp-dev open source a Kubernetes-like control plane for Kubernetes and containers. An authorization issue vulnerability exists in kcp versions prior to 0.26.3, which stems from APIExport VirtualWorkspace allowing objects to be created or deleted in an arbitrary target workspace, potentiall...

Checkpoint Abra - Vulnerabilities

Check Point Abra Vulnerabilities Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Authors: Belov V., Komarov A. Group-IB Summary: Check Point Abra allow...

Checkpoint Abra Multiple Vulnerabilities

Exploit for windows platform in category local exploits Check Point Abra Vulnerabilities Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Summary: Check...

Check Point Abra Bypass / Command Execution

Exploit for php platform in category web applications Check Point Abra Vulnerabilities Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Authors: Belov V...

Checkpoint Abra - Multiple Vulnerabilities

Checkpoint Abra - Multiple Vulnerabilities Check Point Abra Vulnerabilities Author: Belov V., Komarov A. Group-IB, http://group-ib.ru Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platform...

Check Point Abra Bypass / Command Execution

Check Point Abra Vulnerabilities Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Authors: Belov V., Komarov A. Group-IB Summary: Check Point Abra allow...

Checkpoint Abra - Multiple Vulnerabilities

Check Point Abra Vulnerabilities Author: Belov V., Komarov A. Group-IB, http://group-ib.ru Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Summary: Che...