GO-2026-4423 ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx

ingress-nginx's nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...

Enhancesoft osTicket cross-site scripting vulnerability (CNVD-2020-49350)

Enhancesoft osTicket is a U.S. Enhancesoft's open source ticketing system. A cross-site scripting vulnerability exists in versions prior to Enhancesoft osTicket 1.14.3. The vulnerability is related to the affected version failing to properly validate client data. Because of an unvalidated echo $...

CVE-2004-0422

CVE-2004-0422 concerns the flim Emacs library, where temporary files are created insecurely (before 1.14.3), allowing a local user to overwrite arbitrary files via a symlink attack. Public advisories document that this could enable local privilege impact, with a CVSS v2 base score of 2.1 (LOW). R...