Lucene search
+L

141 matches found

cve
cve
added yesterday15 views

CVE-2026-52865

CVE-2026-52865 affects the NGINX Ingress Controller. When processing Ingress or TransportServer resources, an authenticated remote attacker with write access to create/modify those resources can cause the NGINX Ingress Controller process to terminate, leading to a persistent crash loop in the con...

7.1CVSS6.2AI score
Exploits0References1Affected Software1
cvelist
cvelist
added yesterday30 views

CVE-2026-52865 NGINX Ingress Controller vulnerability

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...

7.1CVSS
Exploits0References1
euvd
euvd
added yesterday5 views

EUVD-2026-44680

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS6.2AI score
Exploits0References1
f5
f5
added yesterday14 views

K000161837: Out-of-band Security Notification (July 15, 2026)

Security Advisory Description On July 15, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Article CVE|...

9.2CVSS6.1AI score
Exploits0
f5
f5
added yesterday7 views

K000161834: NGINX Ingress Controller vulnerability CVE-2026-52865

Security Advisory Description When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. CVE-2026-52865 Impact...

7.1CVSS6.1AI score
Exploits0Affected Software1
f5
f5
added yesterday10 views

K000161800: NGINX Ingress Controller vulnerability CVE-2026-55723

Security Advisory Description When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated...

8.7CVSS6.1AI score
Exploits0Affected Software1
ptsecurity
ptsecurity
added yesterday6 views

PT-2026-60183

Name of the Vulnerable Software and Affected Versions NGINX Ingress Controller affected versions not specified Description An injection flaw exists in the configuration generator when the software is configured with Custom Resource Definitions CRDs or Ingress annotations. Multiple user-controllab...

8.7CVSS6.2AI score
Exploits0References4
f5
f5
added 2026/06/17 1:53 p.m.77 views

K000161614: Out-of-band Security Notification (June 17, 2026)

Security Advisory Description On June 17, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. High CVEs Medi...

9.2CVSS6.2AI score0.03552EPSS
Exploits4
snyk
snyk
added 2026/05/20 7:7 p.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation Upgrade...

6.1CVSS5.8AI score
Exploits0References3
snyk
snyk
added 2026/05/20 7:7 p.m.10 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation There is no fixed version for...

6.1CVSS5.8AI score
Exploits0References3
osv
osv
added 2026/05/20 7:7 p.m.10 views

GO-2026-5010 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.23 views

PT-2026-42386

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References2
osv
osv
added 2026/05/19 7:30 p.m.7 views

GHSA-M23H-6MWM-39M8 Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...

6.9CVSS5.9AI score
Exploits0References5
osv
osv
added 2026/05/19 7:28 p.m.13 views

GHSA-3278-C88V-XRH4 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

4.9CVSS5.8AI score
Exploits0References2
github
github
added 2026/05/19 7:28 p.m.22 views

Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

5.8AI score
Exploits0References2Affected Software3
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.13 views

PT-2026-42362

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

4.9CVSS5.8AI score
Exploits0References3
packetstormnews
packetstormnews
added 2026/05/08 12:0 a.m.12 views

ingress-nginx Configuration Injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS6.3AI score0.06669EPSS
Exploits1
cnnvd
cnnvd
added 2026/04/23 12:0 a.m.14 views

Contour 代码注入漏洞

Contour is an open-source Kubernetes ingress controller that uses Envoy proxies. Versions of Contour from v1.19.0 to v1.33.4, v1.32.5 before v1.32.5, and v1.31.6 before v1.31.6 had a code injection vulnerability. This vulnerability stemmed from the Cookie rewriting feature, which was vulnerable t...

8.1CVSS6AI score0.00481EPSS
Exploits0References1
wolfi
wolfi
added 2026/04/17 8:0 p.m.9 views

CVE-2026-27143 vulnerabilities

Vulnerabilities for packages: grafana-operator, container-object-storage-interface, regclient, redka, gatekeeper, git-credential-oauth, cert-manager, nri-consul, kubernetes, knative-operator, opencost, prometheus-operator, delve, docker-cli, pvc-autoresizer, dapr, grafana, kube-arangodb, rancher,...

9.8CVSS7AI score0.00536EPSS
Exploits0
wolfi
wolfi
added 2026/04/17 8:0 p.m.13 views

GHSA-CQRX-3M42-5P5W vulnerabilities

Vulnerabilities for packages: grafana-operator, container-object-storage-interface, regclient, redka, gatekeeper, git-credential-oauth, cert-manager, nri-consul, kubernetes, knative-operator, opencost, prometheus-operator, delve, docker-cli, pvc-autoresizer, dapr, grafana, kube-arangodb, rancher,...

6.1AI score
Exploits0
Rows per page
Query Builder