Tomer

#30093 of 53,624
8.7 Total CVSS
Vulnerabilities · 2
Low: 1
Medium: 1
PT-2025-1258
6.6
2025-01-15
Unknown · Kubernetes · CVE-2024-9042
**Name of the Vulnerable Software and Affected Versions**

- Kubernetes versions prior to 1.29.14
- Kubernetes versions prior to 1.30.10
- Kubernetes versions prior to 1.31.6

**Description**

This issue is a command injection affecting Windows worker nodes via the `/logs` query API. The vulnerability allows attackers to execute arbitrary commands on the host machine. The `pattern` parameter of the NodeLogQuery feature is directly passed to PowerShell without filtering, enabling command injection for any user or service account with GET permissions on `nodes/logs`. Successful exploitation allows execution of commands with SYSTEM privileges on all Windows nodes.

**Recommendations**

- Upgrade Kubernetes to version 1.29.14 or later.
- Upgrade Kubernetes to version 1.30.10 or later.
- Upgrade Kubernetes to version 1.31.6 or later.
PT-2013-5407
2.1
2013-10-24
Apple · iOS · CVE-2013-5162

**Name of the Vulnerable Software and Affected Versions**

- Apple iOS versions prior to 7.0.3

**Description**

The issue allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.

**Recommendations**

- For versions prior to 7.0.3, update to version 7.0.3 or later to resolve the issue.