Lucene search
K

21 matches found

Redos
Redos
added 2026/04/29 12:0 a.m.9 views

ROS-20260429-73-0041

A vulnerability in the incoming traffic controller in a Kubernetes ingress-nginx cluster is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

8.8CVSS6.8AI score0.01494EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.8 views

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.4AI score0.01494EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.16 views

Ingress-NGINX Controller < 1.13.8 / 1.14.x < 1.14.4 / 1.15.x < 1.15.0 Configuration Injection

The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.8, 1.14.4, or 1.15.0. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotati...

8.8CVSS7.7AI score0.06669EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-8256

Malicious code in bioql PyPI...

8.7CVSS6.8AI score0.00471EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/04/27 5:7 a.m.295 views

Exploit for CVE-2025-1974

CVE-2025-1974 화이트햇 스쿨 3기 - 김소은 @salt318 https://github...

9.8CVSS7.4AI score0.99098EPSS
Exploits21
RedhatCVE
RedhatCVE
added 2025/03/28 9:33 p.m.112 views

CVE-2025-2787

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....

9.8CVSS6.9AI score0.99098EPSS
Exploits20References1
NVD
NVD
added 2025/03/26 9:15 p.m.32 views

CVE-2025-2787

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....

8.8CVSS0.00471EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 9:8 p.m.96 views

CVE-2025-2787

Technical details for CVE-2025-2787 are not publicly available in the provided documents. Monitor KNIME advisory and related sources for updates.

8.8CVSS6.9AI score0.00471EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/26 9:8 p.m.18 views

CVE-2025-2787 Ingress-nginx vulnerability in KNIME Business Hub

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....

8.7CVSS6.2AI score0.00471EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.5 views

KNIME Business Hub 安全漏洞

KNIME Business Hub is KNIME's enterprise software for data science automation, deployment modeling, team collaboration and management workflows. KNIME Business Hub has a security vulnerability that stems from an Ingress-nginx component that could lead to a Kubernetes cluster takeover...

8.8CVSS6.7AI score0.00471EPSS
Exploits0References2
OSV
OSV
added 2025/03/25 7:38 p.m.21 views

GO-2025-3565 ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx

ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

8.8CVSS8.7AI score0.34677EPSS
Exploits7References6
RedhatCVE
RedhatCVE
added 2025/03/25 3:25 p.m.14 views

CVE-2025-1097

A flaw was found in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This issue can lead to arbitrary code execution in the context of the ingress-nginx controller and disclosure of Secrets...

8.8CVSS7.8AI score0.34677EPSS
Exploits7References4
Github Security Blog
Github Security Blog
added 2025/03/25 12:30 a.m.20 views

ingress-nginx controller - auth secret file path traversal vulnerability

A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities,...

4.8CVSS7.3AI score0.03517EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/03/25 12:30 a.m.12 views

GHSA-242M-6H72-7HGP ingress-nginx controller - auth secret file path traversal vulnerability

A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities,...

4.8CVSS7.3AI score0.03517EPSS
Exploits0References7
OSV
OSV
added 2025/03/25 12:30 a.m.56 views

GHSA-MGVX-RPFC-9MPV ingress-nginx admission controller RCE escalation

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

9.8CVSS8AI score0.99098EPSS
Exploits20References10
NVD
NVD
added 2025/03/25 12:15 a.m.19 views

CVE-2025-1098

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

8.8CVSS0.83066EPSS
Exploits7References3
NVD
NVD
added 2025/03/25 12:15 a.m.19 views

CVE-2025-1097

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8CVSS0.34677EPSS
Exploits7References3
Positive Technologies
Positive Technologies
added 2025/03/23 12:0 a.m.6 views

PT-2025-12715

Name of the Vulnerable Software and Affected Versions Ingress-nginx versions prior to 1.12.1, from 1.12.0-beta.0 before 1.12.1 Description Ingress-nginx is vulnerable to a critical remote code execution RCE vulnerability CVE-2025-1974 with a CVSS score of 9.8. This flaw allows unauthenticated...

9.8CVSS8.1AI score0.99098EPSS
Exploits20References328
Positive Technologies
Positive Technologies
added 2025/03/23 12:0 a.m.6 views

PT-2025-12713

Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to 1.11.5 ingress-nginx versions 1.12.0-beta.0 through 1.12.0 Description A security issue exists where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This may allow a remo...

9.8CVSS7.1AI score0.99098EPSS
Exploits23References133
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.5 views

PT-2024-5586

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to 1.12 Description: A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects can bypass annotation validation to inject arbitrary commands and obtain the credentia...

9CVSS9.7AI score0.27018EPSS
Exploits0References57
Rows per page
Query Builder