Lucene search
+L

29 matches found

cve
cve
added 2026/06/26 4:0 p.m.13 views

CVE-2026-13434

CVE-2026-13434 affects KubeVirt’s network annotation generator used when provisioning VirtualMachineInstance with Multus networks. The flaw writes the supplied networkName verbatim into the v1.multus-cni.io/default-network annotation without format validation or sanitization, with only an empty-s...

4.9CVSS5.9AI score0.00155EPSS
Exploits0References2Affected Software2
github
github
added 2026/05/26 11:57 p.m.24 views

Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations

Summary Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtiofsextraargs pod annotation. By injecting -o source=/ along with --no-announce-submounts a...

6AI score0.00057EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/03/23 11:0 a.m.11 views

BIT-NGINX-INGRESS-CONTROLLER-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.4AI score0.01494EPSS
Exploits1References3
githubexploit
githubexploit
added 2026/03/20 2:17 p.m.369 views

Exploit for CVE-2026-4342

CVE-2026-4342 Test Environment Configuration These files set...

8.8CVSS5.8AI score0.01494EPSS
Exploits1
osv
osv
added 2026/03/20 12:31 a.m.9 views

GHSA-F53H-MXV9-CP98 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.4AI score0.01494EPSS
Exploits1References5
nvd
nvd
added 2026/03/19 10:16 p.m.12 views

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS0.01494EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/03/19 9:50 p.m.12 views

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.3AI score0.01494EPSS
Exploits1References2
cvelist
cvelist
added 2026/03/19 9:50 p.m.28 views

CVE-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS0.01494EPSS
Exploits1References1
osv
osv
added 2026/03/19 9:50 p.m.4 views

CVE-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS7.4AI score0.01494EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2026/03/19 9:50 p.m.7 views

CVE-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.4AI score0.01494EPSS
Exploits1References1
cve
cve
added 2026/03/19 9:50 p.m.168 views

CVE-2026-4342

The CVE-2026-4342 entry concerns ingress-nginx. A combination of Ingress annotations can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible to the controller. Note that, in default installations, the controller c...

8.8CVSS6.3AI score0.01494EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2026/03/19 12:0 a.m.9 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the Ingress annotation combination, whi...

8.8CVSS7AI score0.01494EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/03/17 12:0 a.m.11 views

PT-2026-25976

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.2.1 Description jsPDF is a JavaScript library used to generate PDF documents. A flaw exists where user-controlled arguments within the createAnnotation method can allow the injection of arbitrary PDF objects, includin...

8.1CVSS6.2AI score0.00356EPSS
Exploits0References13
susecve
susecve
added 2026/02/07 12:26 a.m.4 views

SUSE CVE-2026-1580

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8CVSS6.3AI score0.00485EPSS
Exploits0References3
nvd
nvd
added 2026/02/06 4:15 a.m.13 views

CVE-2025-15566

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS0.00469EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/05 1:22 a.m.7 views

CVE-2026-1580

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8CVSS6.2AI score0.00485EPSS
Exploits0References1
github
github
added 2026/02/04 12:30 a.m.9 views

ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8CVSS6.3AI score0.00485EPSS
Exploits0References3Affected Software1
nessus
nessus
added 2026/02/04 12:0 a.m.14 views

Ingress-NGINX Controller < 1.13.7 / 1.14.x < 1.14.3 Multiple Vulnerabilities

The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.7 or 1.14.3. It is, therefore, affected by multiple vulnerabilities: - A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject...

8.8CVSS7.9AI score0.00501EPSS
Exploits2References8
nvd
nvd
added 2026/02/03 11:16 p.m.9 views

CVE-2026-1580

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8CVSS0.00485EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.21 views

EUVD-2023-2661

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.02234EPSS
Exploits0References5
Rows per page
Query Builder