21 matches found
ROS-20260429-73-0041
A vulnerability in the incoming traffic controller in a Kubernetes ingress-nginx cluster is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2026-4342
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...
Ingress-NGINX Controller < 1.13.8 / 1.14.x < 1.14.4 / 1.15.x < 1.15.0 Configuration Injection
The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.8, 1.14.4, or 1.15.0. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotati...
EUVD-2025-8256
Malicious code in bioql PyPI...
Exploit for CVE-2025-1974
CVE-2025-1974 화이트햇 스쿨 3기 - 김소은 @salt318 https://github...
CVE-2025-2787
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....
CVE-2025-2787
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....
CVE-2025-2787
Technical details for CVE-2025-2787 are not publicly available in the provided documents. Monitor KNIME advisory and related sources for updates.
CVE-2025-2787 Ingress-nginx vulnerability in KNIME Business Hub
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 a.k.a IngressNightmare vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i....
KNIME Business Hub 安全漏洞
KNIME Business Hub is KNIME's enterprise software for data science automation, deployment modeling, team collaboration and management workflows. KNIME Business Hub has a security vulnerability that stems from an Ingress-nginx component that could lead to a Kubernetes cluster takeover...
GO-2025-3565 ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
CVE-2025-1097
A flaw was found in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This issue can lead to arbitrary code execution in the context of the ingress-nginx controller and disclosure of Secrets...
ingress-nginx controller - auth secret file path traversal vulnerability
A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities,...
GHSA-242M-6H72-7HGP ingress-nginx controller - auth secret file path traversal vulnerability
A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities,...
GHSA-MGVX-RPFC-9MPV ingress-nginx admission controller RCE escalation
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
CVE-2025-1098
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
CVE-2025-1097
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
PT-2025-12715
Name of the Vulnerable Software and Affected Versions Ingress-nginx versions prior to 1.12.1, from 1.12.0-beta.0 before 1.12.1 Description Ingress-nginx is vulnerable to a critical remote code execution RCE vulnerability CVE-2025-1974 with a CVSS score of 9.8. This flaw allows unauthenticated...
PT-2025-12713
Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to 1.11.5 ingress-nginx versions 1.12.0-beta.0 through 1.12.0 Description A security issue exists where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This may allow a remo...
PT-2024-5586
Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to 1.12 Description: A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects can bypass annotation validation to inject arbitrary commands and obtain the credentia...