
19122 matches found

Vulnrichment
added 2026/02/06 3:13 a.m. | 2 views

CVE-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

CVSS 8.8 | AI score 6.3 | EPSS 0.00469
Exploits: 0 | References: 1

EUVD
added 2026/02/06 3:13 a.m. | 4 views

EUVD-2025-206889

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

CVSS 8.8 | AI score 6.3 | EPSS 0.00469
Exploits: 0 | References: 1

CVE
added 2026/02/06 3:13 a.m. | 23 views

CVE-2025-15566

CVE-2025-15566 affects ingress-nginx via the auth-proxy-set-headers annotation that can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible cluster-wide. Connected sources confirm the vulnerability lies in the ann...

CVSS 8.8 | AI score 6.3 | EPSS 0.00469
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/06 12:0 a.m. | 7 views

PT-2026-6720

Name of the Vulnerable Software and Affected Versions: itsourcecode School Management System version 1.0. Description: A flaw exists in itsourcecode School Management System that allows for SQL injection. The issue is located in an unknown part of the file /ramonsys/settings/controller.php...

CVSS 9.8 | AI score 5.5 | EPSS 0.00326
Exploits: 1 | References: 9

CNNVD
added 2026/02/06 12:0 a.m. | 4 views

itsourcecode Student Management System SQL injection vulnerability

itsourcecode Student Management System is an open-source student management system developed by itsourcecode. Version 1.0 of the itsourcecode Student Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameter IDs in the file...

CVSS 9.8 | AI score 7.2 | EPSS 0.00326
Exploits: 1 | References: 5

CNNVD
added 2026/02/06 12:0 a.m. | 6 views

itsourcecode School Management System SQL injection vulnerability

itsourcecode School Management System is an open-source school management system developed by itsourcecode. Version 1.0 of itsourcecode School Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with parameter IDs in the file...

CVSS 9.8 | AI score 7.2 | EPSS 0.00326
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/06 12:0 a.m. | 6 views

PT-2026-6670

Name of the Vulnerable Software and Affected Versions: ingress-nginx (affected versions not specified). Description: A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can result ...

CVSS 8.8 | AI score 6.2 | EPSS 0.00469
Exploits: 0 | References: 13

CNNVD
added 2026/02/06 12:0 a.m. | 5 views

Kubernetes ingress-nginx security vulnerability

Kubernetes ingress-nginx is an open-source Kubernetes ingress controller from the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the...

CVSS 8.8 | AI score 6.3 | EPSS 0.00469
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/06 12:0 a.m. | 8 views

PT-2026-6693

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0. Description: A flaw exists in itsourcecode Student Management System that allows for remote SQL injection. The issue is located in the /ramonsys/enrollment/controller.php file, specifically...

CVSS 9.8 | AI score 5.6 | EPSS 0.00326
Exploits: 1 | References: 9

RedhatCVE
added 2026/02/05 1:22 a.m. | 7 views

CVE-2026-24514

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...

CVSS 6.5 | AI score 5.4 | EPSS 0.0046
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/05 1:22 a.m. | 7 views

CVE-2026-24512

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

CVSS 8.8 | AI score 6.5 | EPSS 0.00501
Exploits: 1 | References: 1

SUSE CVE
added 2026/02/05 12:25 a.m. | 3 views

SUSE CVE-2026-23055

In the Linux kernel, the following vulnerability has been resolved: i2c: riic: Move suspend handling to NOIRQ phase. Commit 53326135d0e0 ("i2c: riic: Add suspend/resume support") added suspend support for the Renesas I2C driver and following this change on RZ/G3E the following WARNING is seen on...

CVSS 5.5 | AI score 5.2 | EPSS 0.00166
Exploits: 0 | References: 7

SUSE CVE
added 2026/02/05 12:24 a.m. | 2 views

SUSE CVE-2026-23082

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback: unanchor URL on usb_submit_urb error. In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback: fix URB memory leak"), the URB was re-anchored before usb_submit_urb in gs_usb_receive_bulk_callback ...

CVSS 5.5 | AI score 5.2 | EPSS 0.00123
Exploits: 0 | References: 19

NVD
added 2026/02/05 12:15 a.m. | 6 views

CVE-2019-25285

Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the...

CVSS 8.5 | EPSS 0.00161
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/05 12:0 a.m. | 9 views

PT-2026-6726

Name of the Vulnerable Software and Affected Versions: Spree versions prior to 5.0.8; Spree versions prior to 5.1.10; Spree versions prior to 5.2.7; Spree versions prior to 5.3.2. Description: Spree, an open source e-commerce solution, contains a flaw where unauthenticated users can view completed gues...

CVSS 8.7 | AI score 5.5 | EPSS 0.00441
Exploits: 1 | References: 15

CNNVD
added 2026/02/05 12:0 a.m. | 6 views

ALPS ALPINE Pointing-device Controller code issue vulnerability

ALPS ALPINE Pointing-device Controller is a control software for a heavy-touch tablet by the Japanese company ALPS ALPINE. Version 8.1202.1711.04 of ALPS ALPINE Pointing-device Controller contains a code vulnerability. This vulnerability stems from a service path in ApHidMonitorService that lacks...

CVSS 8.5 | AI score 7.5 | EPSS 0.00161
Exploits: 0 | References: 3

Packet Storm
added 2026/02/05 12:0 a.m. | 165 views

Ingress-NGINX Admission Controller 1.11.1 Remote Code Execution

Ingress-NGINX Admission Controller version 1.11.1 remote code execution proof of concept exploit that chains together multiple vulnerabilities. Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage:...

CVSS 9.8 | AI score 6.4 | EPSS 0.99098
Exploits: 21

EUVD
added 2026/02/04 11:15 p.m. | 6 views

EUVD-2019-19385

Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the...

CVSS 8.5 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/04 11:15 p.m. | 3 views

CVE-2019-25285

Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the...

CVSS 8.5 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/02/04 9:18 p.m. | 5 views

CVE-2026-25518

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS...

CVSS 5.9 | AI score 5.5 | EPSS 0.00349
Exploits: 0 | References: 8 | Affected Software: 1