19174 matches found
CVE-2025-14727
A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-14727
CVE-2025-14727 affects the NGINX Ingress Controller due to improper validation of the nginx.org/rewrite-target annotation, enabling a path traversal style issue. The F5 advisory notes that the vulnerability is present in the 5.x line (5.3.0) and fixes were introduced in 5.3.1; other branches have...
CVE-2025-14727 NGINX Ingress Controller vulnerability
A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
K000158176: NGINX Ingress Controller vulnerability CVE-2025-14727
Security Advisory Description: A vulnerability exists in the NGINX Ingress Controller nginx.org/rewrite-target annotation validation. CVE-2025-14727. Note: Support for path rewrites using the nginx.org/rewrite-target annotation was added in NGINX Ingress Controller version 5.3.0. For more...
CVE-2025-67643
Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...
CVE-2025-14700
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
CVE-2025-14701
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...
SUSE CVE-2025-68265
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin request_queue lifetime. The namespaces can access the controller's admin request_queue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin request_queue is active by...
CVE-2025-14700
CVE-2025-14700 affects Crafty Controller 4.6.1 in the Webhook Template component. The supplied documents describe an input neutralization vulnerability that enables authenticated attackers to achieve remote code execution via Server-Side Template Injection (SSTI). Multiple sources (NVD/Red Hat/CV...
CVE-2025-14700 Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
EUVD-2025-203859
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
CVE-2025-14701 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...
CVE-2025-14701
CVE-2025-14701 affects Crafty Controller’s Server MOTD component. The issue is improper input neutralization that enables a remote, unauthenticated attacker to perform stored XSS by modifying the server MOTD. CVSS v3.1 base score 7.1 (HIGH) with network attack vector, no privileges required, user...
EUVD-2025-203860
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...
PT-2025-51794
Name of the Vulnerable Software and Affected Versions: Crafty Controller version 4.6.1. Description: An input neutralization issue exists within the Webhook Template component of Crafty Controller. This allows a remote, authenticated attacker to execute code on the system through Server Side Templat...