CVE-2026-45224
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
CVE-2026-27112 Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints
Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in...
CVE-2025-62348 Salt junos module uses an unsafe YAML loader which may allow unintended code execution
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...
EUVD-2023-12516
Malicious code in bioql PyPI...
AZL-55947 CVE-2024-10846 affecting package docker-compose for versions less than 2.27.0-4
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, as used by Docker Compose from versions v2.27.0 to v2.29.7 inclusive...
CVE-2024-37285
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...
CVE-2024-37288
CVE-2024-37288 affects Kibana via a YAML deserialization flaw that can lead to arbitrary code execution. Exploitation is possible without user interaction over network with low privileges, targeting environments using Elastic Security AI tools and an Amazon Bedrock connector; impact to confidenti...
PT-2024-5982 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Elastic Kibana (affected versions not specified). Description: A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that...
CVE-2023-0462
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload...
Code injection
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload...
CVE-2023-0462 Arbitrary code execution through yaml global parameters
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload...
CVE-2023-0462
CVE-2023-0462 is a Foreman-related arbitrary code execution vulnerability. The flaw allows an admin to execute arbitrary OS code by supplying a YAML payload in global parameters, enabling code execution within the Foreman/Satellite context. Connected advisories show multiple Red Hat Satellite/For...
Oracle Linux 7 : olcne / kubernetes (ELSA-2020-5653)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5653 advisory. - CVE-2019-11254 kube-apiserver Denial of Service vulnerability from malicious YAML payloads - Golang CVE-2019-16276 - Golang CVE-2019-16276 Tenable has extract...
CVE-2021-22557 Code execution in SLO Generator via YAML Payload
SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173...
DEBIAN-CVE-2019-11254
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
AZL-44808 CVE-2019-11254 affecting package buildah for versions less than 1.41.4-2
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
Input validation
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...