Lucene search
+L

27 matches found

nvd
nvd
added yesterday5 views

CVE-2026-55723

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS
Exploits0References1
euvd
euvd
added yesterday5 views

EUVD-2026-44680

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS6.2AI score
Exploits0References1
cve
cve
added yesterday29 views

CVE-2026-55723

CVE-2026-55723 betreft een injection kwetsbaarheid in de configuratie generator van de NGINX Ingress Controller. Bij configuratie via CRDs of Ingress-annotaties worden meerdere door de gebruiker beheerde velden in de gegenereerde NGINX-configuratie geschreven zonder sanering. Een geautoriseerde b...

8.7CVSS6.2AI score
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added yesterday6 views

PT-2026-60183

Name of the Vulnerable Software and Affected Versions NGINX Ingress Controller affected versions not specified Description An injection flaw exists in the configuration generator when the software is configured with Custom Resource Definitions CRDs or Ingress annotations. Multiple user-controllab...

8.7CVSS6.2AI score
Exploits0References4
redhat
redhat
added 2026/07/01 2:36 p.m.13 views

Critical: Red Hat Security Advisory: Cluster Observability Operator 1.5.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...

9.8CVSS6.7AI score0.03732EPSS
Exploits18References44
osv
osv
added 2026/06/24 11:7 a.m.5 views

BIT-NGINX-GATEWAY-FABRIC-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS6AI score0.00567EPSS
Exploits0References2
snyk
snyk
added 2026/06/17 4:39 p.m.5 views

Improper Neutralization of Equivalent Special Elements

Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements via the NGINX configuration generator component. An attacker can inject arbitrary NGINX configuration directives by supplying crafted values to the serverTokens or extraAuthArgs...

8.6CVSS5.9AI score0.00567EPSS
Exploits0References2
snyk
snyk
added 2026/06/17 4:39 p.m.6 views

Improper Neutralization of Equivalent Special Elements

Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements via the NGINX configuration generator component. An attacker can inject arbitrary NGINX configuration directives by supplying crafted values to the serverTokens or extraAuthArgs...

8.6CVSS5.9AI score0.00567EPSS
Exploits0References2
osv
osv
added 2026/06/17 3:16 p.m.2 views

CVE-2026-11311

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

6.5CVSS6.1AI score
Exploits0References1
cve
cve
added 2026/06/17 2:4 p.m.81 views

CVE-2026-11311

CVE-2026-11311 affects NGINX Gateway Fabric when used with NGINX Plus. The vulnerability resides in the NGINX configuration generator: user-supplied values from the NginxProxy CRD serverTokens field and the AuthenticationFilter CRD extraAuthArgs field are rendered directly into NGINX configuratio...

8.6CVSS5.6AI score0.00567EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/17 2:4 p.m.26 views

CVE-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS0.00567EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50429

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component when NGINX Plus is used as the data plane. User-supplied string values from the serverTokens field of the...

8.6CVSS6AI score0.00567EPSS
Exploits0References11
redhat
redhat
added 2026/06/15 2:53 p.m.17 views

Important: Red Hat Security Advisory: Cluster Observability Operator 1.5.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...

9.9CVSS6.5AI score0.01161EPSS
Exploits2References7
attackerkb
attackerkb
added 2026/06/04 12:4 p.m.6 views

CVE-2026-10840

A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...

7.1CVSS5.8AI score0.00173EPSS
Exploits0References5
redhat
redhat
added 2026/03/17 2:16 p.m.7 views

Important: Red Hat Security Advisory: Cluster Observability Operator 1.4.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.4 release of COO...

8.2CVSS5.8AI score0.01535EPSS
Exploits0References4
redhat
redhat
added 2025/11/12 4:21 p.m.6 views

Important: Red Hat Security Advisory: Cluster Observability Operator 1.3.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.3 release of COO...

9.4CVSS6.8AI score0.01735EPSS
Exploits1References5
redhatcve
redhatcve
added 2025/05/23 9:10 a.m.4 views

CVE-2024-56514

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...

5.3CVSS6.9AI score0.00708EPSS
Exploits0References1
nvd
nvd
added 2025/01/03 5:15 p.m.46 views

CVE-2024-56514

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...

5.3CVSS0.00708EPSS
Exploits0References5
cve
cve
added 2025/01/03 4:15 p.m.73 views

CVE-2024-56514

CVE-2024-56514 describes a TarSlip vulnerability in Karmada prior to v1.12.0 where CRDs downloaded from a filesystem path or HTTP(S) URL could be extracted from a gzipped tarfile and write arbitrary files. The flaw occurs when karmadactl or karmada-operator processes CRD archives during initializ...

5.3CVSS6.5AI score0.00708EPSS
Exploits0References5
github
github
added 2025/01/03 4:15 p.m.30 views

Karmada Tar Slips in CRDs archive extraction

Impact What kind of vulnerability is it? Who is impacted? Both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resource definitionsCRDs needed by karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a...

5.3CVSS6.8AI score0.00708EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder