19038 matches found
Kubernetes ingress-nginx 安全漏洞
Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the...
PT-2026-6336
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...
Ziroom ZHOME A0101 命令注入漏洞
Ziroom ZHOME A0101 is a smart home hardware device developed by Ziroom Corporation. The version 1.0.1.0 of Ziroom ZHOME A0101 contains a command injection vulnerability. This vulnerability stems from the improper handling of the parameter “macType” in the “macAddrClone” function within the file...
Kubernetes ingress-nginx 安全漏洞
Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx; this vulnerability stems from a denial-of-service condition in the...
CVE-2026-25134
Group-Office <= 6.8.149, <= 25.0.81,
CVE-2026-25134 Group-Office Argument Injection in MaintenanceController::actionZipLanguage
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec. This can be combined with uploadi...
CVE-2026-25134 Group-Office Argument Injection in MaintenanceController::actionZipLanguage
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec. This can be combined with uploadi...
CVE-2026-25134
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec. This can be combined with uploadi...
GHSA-GX3X-VQ4P-MHHV cert-manager-controller DoS via Specially Crafted DNS Response
Impact The cert-manager-controller performs DNS lookups during ACME DNS-01 processing for zone discovery and propagation self-checks. By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a...
GO-2026-4378 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper...
kernel: Linux kernel: Information disclosure and denial of service in Bluetooth HCI event handling
A flaw was found in the Linux kernel's Bluetooth component. A local attacker with low privileges could exploit a vulnerability in the Host Controller Interface HCI event processing. This issue arises from improper handling of command complete events with unknown opcodes, which can lead to the...
CVE-2022-50980
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
CVE-2022-50980 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via CAN
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
CVE-2022-50980
CVE-2022-50980 affects Innomic VibroLine VLX and avibia AVLX devices. Affected component is the CAN bus configuration handling, where an unauthenticated adjacent attacker can switch between multiple configuration presets, potentially disrupting operations. The root cause is unauthenticated access...
CVE-2022-50980
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
EUVD-2022-55957
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
CVE-2022-50980 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via CAN
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
kernel: Linux kernel: Information disclosure and denial of service in Bluetooth HCI event handling
A flaw was found in the Linux kernel's Bluetooth component. A local attacker with low privileges could exploit a vulnerability in the Host Controller Interface HCI event processing. This issue arises from improper handling of command complete events with unknown opcodes, which can lead to the...
WordPress Geo Controller plugin <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution vulnerability
Missing Authorization to Unauthenticated Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Plugin Geo Controller versions = 8.6.9...
CVE-2026-1734
A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...