Exploit for CVE-2025-1097

Exploit for Ingress NGINX - IngressNightmare This project pr...

Exploit for CVE-2025-1974

POC of IngressNightmare, RCE in Ingress NGINX CVE-2025-1974...

Moderate: Red Hat Security Advisory: nginx:1.24 security update

An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nginx: specially crafted MP4 file may cause denial of service

A flaw was found in the ngxhttpmp4module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service...

nginx: specially crafted MP4 file may cause denial of service

A flaw was found in the ngxhttpmp4module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service...

Moderate: Red Hat Security Advisory: nginx:1.22 security update

An update for the nginx:1.22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

BIT-NGINX-INGRESS-CONTROLLER-2025-1097 ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

BIT-NGINX-INGRESS-CONTROLLER-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

BIT-NGINX-INGRESS-CONTROLLER-2025-1974 ingress-nginx admission controller RCE escalation

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

BIT-NGINX-INGRESS-CONTROLLER-2025-24513 ingress-nginx controller - auth secret file path traversal vulnerability

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...

BIT-NGINX-INGRESS-CONTROLLER-2025-24514 ingress-nginx controller - configuration injection via unsanitized auth-url annotation

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

Exploit for CVE-2025-1974

Ingress Nightmare CVE-2025-1907 Description This vulnerab...

Kubernetes Ingress NGINX Controller Installed (Linux)

Binary data kubernetesingressnginxcontrollerlinuxinstalled.nbin...

KNIME Business Hub 安全漏洞

KNIME Business Hub is KNIME's enterprise software for data science automation, deployment modeling, team collaboration and management workflows. KNIME Business Hub has a security vulnerability that stems from an Ingress-nginx component that could lead to a Kubernetes cluster takeover...

PT-2025-13007 · Unknown +1 · Ingress-Nginx +2

Name of the Vulnerable Software and Affected Versions: KNIME Business Hub versions prior to 1.10.4 KNIME Business Hub versions prior to 1.11.4 KNIME Business Hub versions prior to 1.12.4 KNIME Business Hub versions prior to 1.13.3 Description: The issue affects the ingress-nginx component,...

Medium: nginx

Issue Overview: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

Ingress-NGINX controller < 1.11.5 / 1.12 < 1.12.1 Multiple Vulnerabilities

The version of Ingres-NGINX controller installed on the remote host is prior to 1.11.5/1.12.1. It is, therefore, affected by multiple vulnerabilities as referenced as Ingress Nightmare. - A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker wit...

Debian: Security Advisory (DLA-4091-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALSA-2025:3261 Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 For more details about the security issues, including the impact, a...

Moderate: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 For more details about the security issues, including the impact, a...