Author: Cyberthreat Blog

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution

Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control

Stored XSS in chevereto CMS before version 3.8.11

Mautic 2.6.1 and earlier fails to set flags on session cookies