320 matches found
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
Coder < 2.29.17 / 2.30.x < 2.32.7 / 2.33.x < 2.33.8 / 2.34.x < 2.34.2 Multiple Vulnerabilities
The version of Coder installed on the remote host is prior to 2.29.17, 2.32.7, 2.33.8, or 2.34.2. It is, therefore, affected by multiple vulnerabilities: - A user-admin role can reset the owner account password, resulting in privilege escalation from user-admin to owner. CVE-2026-55077 - A...
SSH Configuration Injection
Coder is vulnerable to SSH Configuration Injection. The vulnerability is due to coder config-ssh writing server-supplied HostnameSuffix and SSHConfigOptions into the user's /.ssh/config without properly sanitizing embedded newlines or restricting SSH directives, which allows an attacker controlli...
CVE-2026-55427
Coder exposes SSH config injection risk via the config-ssh command: before 2.34.2, 2.33.8, 2.32.7, and 2.29.17, server-supplied values for HostnameSuffix and SSHConfigOptions could be written into ~/.ssh/config without rejecting newlines or restricting directives. This could enable a malicious or...
Linux Distros Unpatched Vulnerability : CVE-2026-13006
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacke...
CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
BIT-NGINX-GATEWAY-FABRIC-2026-50107 NGINX Gateway Fabric vulnerability
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...
Linux Distros Unpatched Vulnerability : CVE-2026-11311
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of...
CVE-2026-50107
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...
K000161611: NGINX Gateway Fabric vulnerability CVE-2026-11311
Security Advisory Description When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens...
Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)
Radius Controller May Delete a Container Resource via an Injected Deployment Annotation Multi-Tenant Installs Summary A configuration-validation issue in the Radius Kubernetes controller can cause it to issue a DELETE for the container resource referenced by a tampered radapp.io/status annotation...
CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection
Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...
CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection
Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...
CVE-2026-11332
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...
CVE-2026-1784
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...
EUVD-2026-33883
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...
CVE-2026-1784
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...