Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 05 Jun 2026 19:03:50 +0000 9b15f3d7-83b5-4e22-8f91-0500cd43e64a https://vulnerability.circl.lu/sighting/9b15f3d7-83b5-4e22-8f91-0500cd43e64a/export {"uuid": "9b15f3d7-83b5-4e22-8f91-0500cd43e64a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10840", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116692281779225455", "content": "https://access.redhat.com/security/cve/cve-2026-10840\n\nA flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate.", "creation_timestamp": "2026-06-04T14:21:53.814832Z"} {"uuid": "9b15f3d7-83b5-4e22-8f91-0500cd43e64a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10840", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116692281779225455", "content": "https://access.redhat.com/security/cve/cve-2026-10840\n\nA flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate.", "creation_timestamp": "2026-06-04T14:21:53.814832Z"} https://vulnerability.circl.lu/sighting/9b15f3d7-83b5-4e22-8f91-0500cd43e64a/export Thu, 04 Jun 2026 14:21:53 +0000