Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2023-1500

Malicious code in bioql PyPI...

7.6CVSS6.7AI score0.00694EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-4162

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.00894EPSS
Exploits0References4
OSV
OSV
added 2025/03/26 7:24 a.m.10 views

BIT-NGINX-INGRESS-CONTROLLER-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

8.8CVSS9.3AI score0.83066EPSS
Exploits7References4
OSV
OSV
added 2025/03/25 12:30 a.m.15 views

GHSA-VG63-W3P9-JC9M ingress-nginx controller - configuration injection via unsanitized mirror annotations

A security issue was discovered in ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to...

8.8CVSS7.9AI score0.83066EPSS
Exploits7References7
Github Security Blog
Github Security Blog
added 2025/03/25 12:30 a.m.17 views

ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

A security issue was discovered in ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note th...

8.8CVSS8AI score0.34677EPSS
Exploits7References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/25 12:30 a.m.14 views

ingress-nginx controller - configuration injection via unsanitized auth-url annotation

A security issue was discovered in ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in the...

8.8CVSS8AI score0.31809EPSS
Exploits8References8Affected Software1
NVD
NVD
added 2025/03/25 12:15 a.m.14 views

CVE-2025-24513

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...

4.8CVSS0.03517EPSS
Exploits0References2
CVE
CVE
added 2025/03/24 11:29 p.m.363 views

CVE-2025-24514

CVE-2025-24514 describes an unauthenticated vulnerability in ingress-nginx where the auth-url annotation injection can modify NGINX config, enabling arbitrary code execution in the ingress-nginx controller and disclosure of controller Secrets. Public PoCs/exploits exist (e.g., Exploit-DB entry 52...

8.8CVSS8AI score0.31809EPSS
Exploits8References3
Cvelist
Cvelist
added 2025/03/24 11:29 p.m.20 views

CVE-2025-24513 ingress-nginx controller - auth secret file path traversal vulnerability

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...

4.8CVSS0.03517EPSS
Exploits0References1
CVE
CVE
added 2025/03/24 11:29 p.m.346 views

CVE-2025-24513

Technical details for CVE-2025-24513 are not provided in the given documents. Monitor for updates and subsequent disclosures to obtain affected products, root cause, impact, and fixes.

4.8CVSS7.3AI score0.03517EPSS
Exploits0References2
EUVD
EUVD
added 2025/03/24 11:29 p.m.8 views

EUVD-2025-8034

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8CVSS7.9AI score0.34677EPSS
Exploits7References2
Positive Technologies
Positive Technologies
added 2025/03/23 12:0 a.m.8 views

PT-2025-12717

Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to v1.11.5 ingress-nginx versions from v1.12.0-beta.0 through v1.12.1 Description A security issue exists in ingress-nginx where the auth-url Ingress annotation can be exploited to inject configuration into nginx...

9.8CVSS7.7AI score0.99098EPSS
Exploits23References139
Rows per page
Query Builder