Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.9 CVE-2026-50563

Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
CRITICAL 9.9 CVE-2026-50545

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
HIGH 8.5 CVE-2026-49824

Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
HIGH 7.7 CVE-2026-49823

Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
HIGH 7.7 CVE-2026-49822

Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
HIGH 7.7 CVE-2026-49821

Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
MEDIUM 6.1 CVE-2026-46642

draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScr...

jgraph drawio < 29.7.12 CVE
MEDIUM 6.9 CVE-2026-46618

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.23.0 CVE
HIGH 8.7 CVE-2026-46617

Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.23.0 CVE
CRITICAL 9.8 CVE-2026-46614

Fission router exposes /fission-function// on its public listener, allowing invocation of any function without an HTTPTrigger

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.23.0 CVE