Kubernetes
Introduction On March 24, 2025, a set of critical security vulnerabilities known collectively as "IngressNightmare" were disclosed in the Ingress NGINX Controller for Kubernetes. These vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) affect the admission controller component and could allow attackers to execute code remotely without authentication. This technical
Kubernetes
Executive Summary CVE-2025-29778 is a security vulnerability affecting Kyverno, a policy engine designed for Kubernetes. This vulnerability allows attackers to bypass intended authorization controls by exploiting the fact that Kyverno versions prior to 1.14.0-alpha.1 incorrectly ignore the subjectRegExp and IssuerRegExp fields during keyless signature verification. This oversight
Kubernetes
Executive Summary CVE-2025-29922 describes an authorization bypass vulnerability in kcp, a Kubernetes-like control plane. This flaw allows an attacker with low privileges to create or delete objects in arbitrary target workspaces through the APIExport VirtualWorkspace, even without proper APIBinding authorization. This bypass occurs because the APIExport VirtualWorkspace lacks a binding