19145 matches found

CNNVD
added 2026/02/03 12:0 a.m., 6 views

Kubernetes ingress-nginx security vulnerability

Kubernetes ingress-nginx is a Kubernetes ingress controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the...

8.8 CVSS, 7.6 AI score, 0.00485 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/02/03 12:0 a.m., 6 views

Kubernetes ingress-nginx security vulnerability

Kubernetes ingress-nginx is a Kubernetes ingress controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx; this vulnerability stems from the rules.http.paths.path Ingress field...

8.8 CVSS, 7.7 AI score, 0.00501 EPSS
Exploits: 1, References: 1
ATTACKERKB
added 2026/02/02 10:40 p.m., 4 views

CVE-2026-25134

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec. This can be combined with uploadi...

9.4 CVSS, 6 AI score, 0.00799 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2026/02/02 10:40 p.m., 25 views

CVE-2026-25134 Group-Office Argument Injection in MaintenanceController::actionZipLanguage

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec. This can be combined with uploadi...

9.4 CVSS, 0.00799 EPSS
Exploits: 1, References: 2
CVE
added 2026/02/02 10:40 p.m., 11 views

CVE-2026-25134

Group-Office <= 6.8.149, <= 25.0.81,

9.4 CVSS, 6 AI score, 0.00799 EPSS
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/02/02 10:40 p.m., 2 views

CVE-2026-25134 Group-Office Argument Injection in MaintenanceController::actionZipLanguage

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec. This can be combined with uploadi...

9.4 CVSS, 6 AI score, 0.00799 EPSS
Exploits: 1, References: 2
OSV
added 2026/02/02 10:11 p.m., 4 views

GHSA-GX3X-VQ4P-MHHV cert-manager-controller DoS via Specially Crafted DNS Response

Impact: The cert-manager-controller performs DNS lookups during ACME DNS-01 processing for zone discovery and propagation self-checks. By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a...

5.9 CVSS, 5.5 AI score, 0.00349 EPSS
Exploits: 0, References: 10
OSV
added 2026/02/02 9:5 p.m., 5 views

GO-2026-4378 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper...

8.1 CVSS, 5.4 AI score, 0.00267 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2026/02/02 3:41 p.m., 3 views

kernel: Linux kernel: Information disclosure and denial of service in Bluetooth HCI event handling

A flaw was found in the Linux kernel's Bluetooth component. A local attacker with low privileges could exploit a vulnerability in the Host Controller Interface (HCI) event processing. This issue arises from improper handling of command complete events with unknown opcodes, which can lead to the...

5.8 AI score, 0.00156 EPSS
Exploits: 0, References: 5
NVD
added 2026/02/02 3:16 p.m., 3 views

CVE-2022-50980

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...

6.5 CVSS, 0.00208 EPSS
Exploits: 0, References: 2
CVE
added 2026/02/02 2:11 p.m., 9 views

CVE-2022-50980

CVE-2022-50980 affects Innomic VibroLine VLX and avibia AVLX devices. The affected component is the CAN bus configuration handling, where an unauthenticated adjacent attacker can switch between multiple configuration presets, potentially disrupting operations. The root cause is unauthenticated access...

6.5 CVSS, 5.3 AI score, 0.00208 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/02/02 2:11 p.m., 25 views

CVE-2022-50980 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via CAN

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...

6.5 CVSS, 0.00208 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/02/02 2:11 p.m., 2 views

CVE-2022-50980 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via CAN

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...

6.5 CVSS, 5.3 AI score, 0.00208 EPSS
Exploits: 0, References: 2
EUVD
added 2026/02/02 2:11 p.m., 4 views

EUVD-2022-55957

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...

6.5 CVSS, 5.3 AI score, 0.00208 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/02/02 2:11 p.m., 3 views

CVE-2022-50980

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...

6.5 CVSS, 5.3 AI score, 0.00208 EPSS
Exploits: 0, References: 3, Affected Software: 10
RedHat Linux
added 2026/02/02 10:10 a.m., 2 views

kernel: Linux kernel: Information disclosure and denial of service in Bluetooth HCI event handling

A flaw was found in the Linux kernel's Bluetooth component. A local attacker with low privileges could exploit a vulnerability in the Host Controller Interface (HCI) event processing. This issue arises from improper handling of command complete events with unknown opcodes, which can lead to the...

5.8 AI score, 0.00156 EPSS
Exploits: 0, References: 5
Patchstack
added 2026/02/02 8:34 a.m., 4 views

WordPress Geo Controller plugin <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution vulnerability

Missing Authorization to Unauthenticated Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Plugin Geo Controller versions <= 8.6.9...

5.3 CVSS, 5.5 AI score, 0.00339 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2026/02/02 12:15 a.m., 6 views

CVE-2026-1734

A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...

6.9 CVSS, 5.2 AI score
Exploits: 0, References: 5
Positive Technologies
added 2026/02/02 12:0 a.m., 13 views

PT-2026-5667

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...

6.5 CVSS, 5.3 AI score, 0.00208 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/02/02 12:0 a.m., 7 views

PT-2026-5725

Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.150; Group-Office versions prior to 25.0.82; Group-Office versions prior to 26.0.5. Description: Group-Office is a customer relationship management and groupware tool. The MaintenanceController includes a...

9.4 CVSS, 6 AI score, 0.00799 EPSS
Exploits: 1, References: 12