305 matches found
EUVD-2023-30258
Malicious code in bioql PyPI...
EUVD-2024-38381
Malicious code in bioql PyPI...
EUVD-2024-38382
Malicious code in bioql PyPI...
EUVD-2024-38343
Malicious code in bioql PyPI...
EUVD-2024-38380
Malicious code in bioql PyPI...
EUVD-2024-38342
Malicious code in bioql PyPI...
CVE-2014-125116 HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...
CVE-2014-125116
HybridAuth
Exploit for CVE-2025-24514
🔥 CVE-2025-24514 원격 취약점 점검 PoC 이 스크립트는 CVE-2025-24514 취약점ing...
CVE-2025-27818
A flaw was found in apache-kafka. This issue occurs due to improper handling of configuration data when using a Kafka client SASL JAAS, allowing an attacker with access to alterConfig for a cluster resource or Kafka Connect worker to inject arbitrary configuration. This injection can lead to the...
ABB M2M Gateway Arbitrary Configuration Injection in embedded Git (CVE-2023-29007)
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can used to exploit a bug in...
CVE-2018-20885
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution ACE . The vulnerability is due to improper handling of mirror-target and mirror-host annotations, allowing arbitrary configuration injection into nginx...
Vulnerabilities fixed in Kubernetes Ingress NGINX Controller
Kubernetes has fixed a number of vulnerabilities in the Ingress NGINX Controller. These vulnerabilities allow malicious actors to perform unauthenticated remote code execution RCE. The vulnerabilities are located in the ingress-nginx controller. These vulnerabilities include a critical remote cod...
Remote Code Execution Vulnerability in Ingress NGINX Controller (CNVD-2025-05885)
Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that stems from the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary...
Remote Code Execution Vulnerability in Ingress NGINX Controller (CNVD-2025-05886)
Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that stems from auth-tls-match-cn Ingress annotations can be used to inject configurations, which could le...
BIT-NGINX-INGRESS-CONTROLLER-2025-1097 ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
GO-2025-3568 ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx
ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...
GO-2025-3566 ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx
ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
GO-2025-3565 ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...