CVE-2025-46599 – K3s Kubernetes Kubelet ReadWritePort Remote Authentication Bypass

April 25, 2025

CVE ID : CVE-2025-46599

Published : April 25, 2025, 5:15 a.m. | 2 hours, 15 minutes ago

Description : CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-3775 – ShopLentor WooCommerce Builder SSRF Vulnerability

Highlights

CVE-2025-37979 – Qualcomm ASoC qcom Linux Kernel Buffer Overflow

May 20, 2025

CVE ID : CVE-2025-37979

Published : May 20, 2025, 5:15 p.m. | 1 hour, 34 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ASoC: qcom: Fix sc7280 lpass potential buffer overflow

Case values introduced in commit
5f78e1fb7a3e (“ASoC: qcom: Add driver support for audioreach solution”)
cause out of bounds access in arrays of sc7280 driver data (e.g. in case
of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()).

Redefine LPASS_MAX_PORTS to consider the maximum possible port id for
q6dsp as sc7280 driver utilizes some of those values.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Credit Card Sins

Azul significantly cuts down on false positives in Java vulnerability detection with latest update to Azul Intelligence Cloud

The state of strategic portfolio management

Xbox Games Showcase reveals Indiana Jones and the Great Circle to get new DLC this fall

Tony Hawk’s Pro Skater 3 + 4 demo now is available now if you preorder — Michelangelo is coming too

“The full Call of Duty package”: Black Ops 7 has been confirmed during the Xbox Games Showcase, and no, it is not an expansion

Final Fantasy VII Remake and Final Fantasy XVI are FINALLY launching for Xbox consoles — One of which is available right now!

Neobrutalism CSS Button Generator

Neobrutalism CSS Button Generator

How to Become a Node.js Backend Developer

Professor Rita McGrath on Leading in Times of Uncertainty

Microsoft mocks macOS 26 Liquid Design with Windows Aero throwback (Windows Vista)

Microsoft mocks macOS 26 Liquid Design with Windows Aero throwback (Windows Vista)

Hindsite is a fast, lightweight static website generator

Orange Pi 5 Ultra and Max Single Board Computers Running Linux: Introduction

CVE-2025-46599 – K3s Kubernetes Kubelet ReadWritePort Remote Authentication Bypass

SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords

Microsoft Office Vulnerabilities Let Attackers Execute Remote Code

CVE-2025-22756 – CVE-2022-47947: Apache HTTP Server Command Injection

A Template

CVE-2025-3513 – “SureForms WordPress Stored Cross-Site Scripting”

CVE-2018-25110 – Apache Marked ReDoS Vulnerability

CVE-2025-37979 – Qualcomm ASoC qcom Linux Kernel Buffer Overflow

CVE-2025-4014 – PHPGurukul Art Gallery Management System SQL Injection Vulnerability

Influential Mainframers Trivia

Subatomic Update: Publishing & Adopting Design Token Systems!

CVE-2025-46599 – K3s Kubernetes Kubelet ReadWritePort Remote Authentication Bypass

Related Posts