Lucene search
+L

83 matches found

Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.15 views

PT-2026-36977

Name of the Vulnerable Software and Affected Versions ArchiveBox affected versions not specified Description The '/add/' endpoint AddView in core/views.py allows the injection of arbitrary configuration into crawl jobs because the config JSON field is merged without validation. This configuration...

9.8CVSS6.4AI score0.00404EPSS
Exploits1References12
OSV
OSV
added 2026/04/10 7:21 p.m.7 views

GHSA-FM2X-C5QW-4H6F LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

Summary The isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go is missing raw.apparmor and raw.qemu.conf from its hardcoded forbidden list. A user with canedit permission on a VM instance in a restricted project can combine these two omissions to bridge the LXD unix socket...

9.1CVSS6AI score0.00363EPSS
Exploits0References4
OSV
OSV
added 2026/04/09 10:16 a.m.3 views

DEBIAN-CVE-2026-34177

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...

9.1CVSS5.4AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.6 views

CVE-2026-33026

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4...

9.4CVSS5.8AI score0.00328EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.9 views

SUSE CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.4AI score0.01494EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.10 views

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.4AI score0.01494EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/20 3:32 a.m.1 views

CVE-2026-4468 Comfast CF-AC100 mbox-config command injection

A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET&section=updateinterfacepng. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

5.8CVSS5.5AI score0.02097EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/20 12:31 a.m.13 views

ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.4AI score0.01494EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/19 9:50 p.m.12 views

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.3AI score0.01494EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.18 views

Ingress-NGINX Controller < 1.13.8 / 1.14.x < 1.14.4 / 1.15.x < 1.15.0 Configuration Injection

The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.8, 1.14.4, or 1.15.0. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotati...

8.8CVSS7.7AI score0.06669EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/09 9:0 p.m.35 views

CVE-2026-3288 ingress-nginx rewrite-target nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS0.06669EPSS
Exploits1References1
OSV
OSV
added 2026/03/09 7:55 p.m.9 views

GHSA-93FX-5QGC-WR38 AzuraCast: RCE via Liquidsoap string interpolation injection in station metadata and playlist URLs

Summary AzuraCast's ConfigWriter::cleanUpString method fails to sanitize Liquidsoap string interpolation sequences ..., allowing authenticated users with StationPermissions::Media or StationPermissions::Profile permissions to inject arbitrary Liquidsoap code into the generated configuration file...

8.7CVSS6AI score
Exploits0References5
CNNVD
CNNVD
added 2026/03/09 12:0 a.m.10 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx, where the comment on nginx.ingress.kubernetes.io/rewrite-target can b...

8.8CVSS7.7AI score0.06669EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.10 views

PT-2026-24119

Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to 1.13.7 ingress-nginx versions prior to 1.14.3 Description A security issue exists due to insufficient input validation when processing Ingress resource annotations. An attacker can use the...

9CVSS7.9AI score0.06669EPSS
Exploits1References32
Tenable Nessus
Tenable Nessus
added 2026/02/23 12:0 a.m.11 views

OpenClaw < 2026.2.15 Multiple Vulnerabilities

The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.2.15. It is, therefore, affected by multiple vulnerabilities, including: - A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options such as bind mounts, host networking, a...

9.8CVSS6AI score0.00479EPSS
Exploits1References14
Cvelist
Cvelist
added 2026/02/19 11:12 p.m.45 views

CVE-2026-27002 OpenClaw: Docker container escape via unvalidated bind mount config injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

7.7CVSS0.00479EPSS
Exploits0References3
OSV
OSV
added 2026/02/16 3:57 p.m.5 views

BIT-NGINX-INGRESS-CONTROLLER-2026-1580 ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8CVSS6.4AI score0.00485EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.8 views

CVE-2026-25498

Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution RCE vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php fails to sanitize user-supplied configuratio...

8.6CVSS6.2AI score0.0097EPSS
Exploits2References1
OSV
OSV
added 2026/02/10 8:50 a.m.7 views

BIT-NGINX-INGRESS-CONTROLLER-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS6.4AI score0.00469EPSS
Exploits0References2
NVD
NVD
added 2026/02/10 4:16 a.m.11 views

CVE-2026-23686

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

3.4CVSS0.00164EPSS
Exploits0References2
Rows per page
Query Builder