Lucene search
K

140 matches found

CVE
CVE
added yesterday14 views

CVE-2026-52865

CVE-2026-52865 affects the NGINX Ingress Controller. When processing Ingress or TransportServer resources, an authenticated remote attacker with write access to create/modify those resources can cause the NGINX Ingress Controller process to terminate, leading to a persistent crash loop in the con...

7.1CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-52865 NGINX Ingress Controller vulnerability

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...

7.1CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44680

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS6.2AI score
Exploits0References1
F5 Networks
F5 Networks
added yesterday7 views

K000161837: Out-of-band Security Notification (July 15, 2026)

Security Advisory Description On July 15, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Article CVE|...

9.2CVSS6.1AI score
Exploits0
F5 Networks
F5 Networks
added yesterday6 views

K000161834: NGINX Ingress Controller vulnerability CVE-2026-52865

Security Advisory Description When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. CVE-2026-52865 Impact...

7.1CVSS6.1AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
added yesterday6 views

K000161800: NGINX Ingress Controller vulnerability CVE-2026-55723

Security Advisory Description When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated...

8.7CVSS6.1AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2026/06/17 1:53 p.m.77 views

K000161614: Out-of-band Security Notification (June 17, 2026)

Security Advisory Description On June 17, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. High CVEs Medi...

9.2CVSS6.2AI score0.03552EPSS
Exploits4
Snyk
Snyk
added 2026/05/20 7:7 p.m.10 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation There is no fixed version for...

6.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/20 7:7 p.m.6 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation Upgrade...

6.1CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/20 7:7 p.m.10 views

GO-2026-5010 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.23 views

PT-2026-42386

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/19 7:30 p.m.7 views

GHSA-M23H-6MWM-39M8 Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...

6.9CVSS5.9AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/19 7:28 p.m.21 views

Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

5.8AI score
Exploits0References2Affected Software3
OSV
OSV
added 2026/05/19 7:28 p.m.13 views

GHSA-3278-C88V-XRH4 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

4.9CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-42362

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

4.9CVSS5.8AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.12 views

ingress-nginx Configuration Injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS6.3AI score0.06669EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.13 views

Contour 代码注入漏洞

Contour is an open-source Kubernetes ingress controller that uses Envoy proxies. Versions of Contour from v1.19.0 to v1.33.4, v1.32.5 before v1.32.5, and v1.31.6 before v1.31.6 had a code injection vulnerability. This vulnerability stemmed from the Cookie rewriting feature, which was vulnerable t...

8.1CVSS6AI score0.00481EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.10 views

CVE-2026-27144 vulnerabilities

Vulnerabilities for packages: howdy-yall, net-kourier, gitaly, nri-consul, docker-cli, pvc-autoresizer, redka, envoy-gateway, kubeflow-katib, cloud-provider-aws, argo-cd, atlantis, http-echo, coredns, knative-eventing, gofumpt, cert-manager, apisix-ingress-controller, nats-top, cadvisor,...

7.1CVSS6.9AI score0.00261EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.9 views

GHSA-CFP9-33RC-J74F vulnerabilities

Vulnerabilities for packages: howdy-yall, net-kourier, gitaly, nri-consul, docker-cli, pvc-autoresizer, redka, envoy-gateway, kubeflow-katib, cloud-provider-aws, argo-cd, atlantis, http-echo, coredns, knative-eventing, gofumpt, cert-manager, apisix-ingress-controller, nats-top, cadvisor,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.9 views

CVE-2026-27143 vulnerabilities

Vulnerabilities for packages: howdy-yall, net-kourier, gitaly, nri-consul, docker-cli, pvc-autoresizer, redka, envoy-gateway, kubeflow-katib, cloud-provider-aws, argo-cd, atlantis, http-echo, coredns, knative-eventing, gofumpt, cert-manager, apisix-ingress-controller, nats-top, cadvisor,...

9.8CVSS7AI score0.00536EPSS
Exploits0
Rows per page
Query Builder