Directory Traversal

k8s.io/ingress-nginxx is vulnerable to Directory traversal. The vulnerability is due to the ingress-nginx Admission Controller including attacker-provided data in a filename, allowing traversal within the container...

Arbitrary Code Execution (ACE)

k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper validation and sanitization of user-supplied input in the auth-url Ingress annotation, allowing attackers to inject arbitrary nginx configuration directives...

Ubuntu: Security Advisory (USN-7285-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7285-2: nginx vulnerability

USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this...

USN-7285-2 nginx vulnerability

USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this...

Kubernetes Ingress NGINX Controller Arbitrary Code Execution (CVE-2025-1974)

Binary data kubernetescve-2025-1974.nbin...

⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind...

Exploit for CVE-2025-1974

CVE-2025-1974: Kubernetes Ingress Nginx Controller 취약점 분석 및 Po...

Ingress-Nginx Admission Controller RCE Escalation

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

AlmaLinux 9 : nginx:1.22 (ALSA-2025:3261)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:3261 advisory. nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 Tenable has extracted the preceding description block directly from the AlmaLinux...

SUSE CVE-2025-1097

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

SUSE CVE-2025-1098

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

SUSE CVE-2025-1974

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

SUSE CVE-2025-24513

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...

SUSE CVE-2025-24514

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

RHEL 9 : nginx:1.24 (RHSA-2025:3262)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3262 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

RHEL 9 : nginx:1.22 (RHSA-2025:3261)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3261 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

CVE-2025-2787

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....

Ingress NGINX Admission Controller Web Detection

Binary data ingressnginxadmissioncontrollerwebdetect.nbin...

Amazon Linux 2 : nginx (ALASNGINX1-2025-008)

The version of nginx installed on the remote host is prior to 1.26.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-008 advisory. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to...