Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2023-1500

Malicious code in bioql PyPI...

7.6CVSS6.7AI score0.00694EPSS
Exploits0References7
OSV
OSV
added 2025/03/26 7:24 a.m.10 views

BIT-NGINX-INGRESS-CONTROLLER-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

8.8CVSS9.3AI score0.83066EPSS
Exploits7References4
Github Security Blog
Github Security Blog
added 2025/03/25 12:30 a.m.18 views

ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

A security issue was discovered in ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note th...

8.8CVSS8AI score0.34677EPSS
Exploits7References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/25 12:30 a.m.15 views

ingress-nginx controller - configuration injection via unsanitized auth-url annotation

A security issue was discovered in ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in the...

8.8CVSS8AI score0.31809EPSS
Exploits8References8Affected Software1
NVD
NVD
added 2025/03/25 12:15 a.m.14 views

CVE-2025-24513

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...

4.8CVSS0.03517EPSS
Exploits0References2
CVE
CVE
added 2025/03/24 11:29 p.m.364 views

CVE-2025-24514

CVE-2025-24514 describes an unauthenticated vulnerability in ingress-nginx where the auth-url annotation injection can modify NGINX config, enabling arbitrary code execution in the ingress-nginx controller and disclosure of controller Secrets. Public PoCs/exploits exist (e.g., Exploit-DB entry 52...

8.8CVSS8AI score0.31809EPSS
Exploits8References3
CVE
CVE
added 2025/03/24 11:29 p.m.348 views

CVE-2025-24513

Technical details for CVE-2025-24513 are not provided in the given documents. Monitor for updates and subsequent disclosures to obtain affected products, root cause, impact, and fixes.

4.8CVSS7.3AI score0.03517EPSS
Exploits0References2
EUVD
EUVD
added 2025/03/24 11:29 p.m.8 views

EUVD-2025-8034

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8CVSS7.9AI score0.34677EPSS
Exploits7References2
Rows per page
Query Builder