9 matches found

Vulnrichment
added 2026/05/27 7:38 p.m., 9 views

CVE-2026-8364 Gladinet Triofox Missing Authentication for Critical Functions

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

CVSS 9.8, AI score 5.8, EPSS 0.00054
Exploits 0, References 1

RedhatCVE
added 2026/02/05 1:22 a.m., 5 views

CVE-2026-24512

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

CVSS 8.8, AI score 6.5, EPSS 0.00079
Exploits 1, References 1

Cvelist
added 2026/02/03 10:17 p.m., 27 views

CVE-2026-24512 ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

CVSS 8.8, EPSS 0.00079
Exploits 1, References 1

Prion
added 2023/09/13 1:15 p.m., 17 views

Code injection

A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...

CVSS 5, AI score 5.4, EPSS 0.00285
Exploits 0, References 1, Affected Software 1

Veracode
added 2020/02/13 6:3 a.m., 19 views

Authentication Bypass

github.com/istio/proxy is vulnerable to authentication bypass. The vulnerability exists as the Authentication Policy's exact-path matching logic allows unauthorized access to HTTP paths using an invalid JWT token...

CVSS 7.3, AI score 1.7, EPSS 0.0106
Exploits 1, References 8, Affected Software 1

OSV
added 2020/02/12 3:15 p.m., 14 views

CVE-2020-8595

Istio versions 1.2.10 End of Life and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. F...

CVSS 7.3, AI score 7, EPSS 0.0106
Exploits 1, References 6

Prion
added 2020/02/12 3:15 p.m., 9 views

Authentication flaw

Istio versions 1.2.10 End of Life and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. F...

CVSS 7.5, AI score 7.2, EPSS 0.0106
Exploits 1, References 6, Affected Software 2

CVE
added 2020/02/12 2:10 p.m., 70 views

CVE-2020-8595

CVE-2020-8595 affects Istio: authentication bypass via the Authentication Policy exact-path matching logic in Istio versions 1.2.10 (End of Life) and earlier, 1.3.x up to 1.3.7, and 1.4.x up to 1.4.3. An attacker can gain unauthorized access to HTTP paths configured to require a valid JWT by mani...

CVSS 7.5, AI score 7.2, EPSS 0.0106
Exploits 1, References 6, Affected Software 1

Cvelist
added 2020/02/12 2:10 p.m., 16 views

CVE-2020-8595

Istio versions 1.2.10 End of Life and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. F...

AI score 7.3, EPSS 0.0106
Exploits 1, References 6