47 matches found
CVE-2026-8229 Wavlink NU516U1 wireless.cgi WifiBasic os command injection
A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is...
CVE-2026-8229 Wavlink NU516U1 wireless.cgi WifiBasic os command injection
A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is...
CVE-2026-8229
A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is...
CVE-2026-22545
Mattermost versions 10.11.x = 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID:...
BIT-NGINX-INGRESS-CONTROLLER-2026-1580 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
GO-2026-4423 ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx
ingress-nginx's nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...
PT-2026-6527
ingress-nginx's nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...
ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
GHSA-9H3P-52VH-959W ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
PT-2026-6404
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
CVE-2026-1580
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
CVE-2026-1580
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the nginx.ingress.kubernetes.io/auth-method annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code in the context of the ingress controller and access sensiti...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the nginx.ingress.kubernetes.io/auth-method annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code in the context of the ingress controller and access sensiti...
CVE-2026-24512 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
CVE-2026-24512
Ingress-NGINX Controller vulnerability CVE-2026-24512: the rules.http.paths.path Ingress field can inject configuration into nginx, enabling arbitrary code execution and access to controller-scoped Secrets. Affected versions include k8s.io/ingress-nginx before 1.13.7 and 1.14.x before 1.14.3; rem...
CVE-2026-1580 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
CVE-2026-1580
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
CVE-2026-1580
CVE-2026-1580 affects the ingress-nginx controller. The vulnerability arises from the nginx.ingress.kubernetes.io/auth-method Ingress annotation, which can be used to inject configuration into nginx, enabling arbitrary code execution in the controller context and disclosure of Secrets accessible ...
Kubernetes ingress-nginx 安全漏洞
Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the...