11404 matches found
CVE-2026-1580
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the nginx.ingress.kubernetes.io/auth-method annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code in the context of the ingress controller and access sensiti...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the nginx.ingress.kubernetes.io/auth-method annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code in the context of the ingress controller and access sensiti...
CVE-2026-24512 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
CVE-2026-24512
Ingress-NGINX Controller vulnerability CVE-2026-24512: the rules.http.paths.path Ingress field can inject configuration into nginx, enabling arbitrary code execution and access to controller-scoped Secrets. Affected versions include k8s.io/ingress-nginx before 1.13.7 and 1.14.x before 1.14.3; rem...
CVE-2026-1580 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
CVE-2026-1580 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
CVE-2026-1580
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
CVE-2026-1580
CVE-2026-1580 affects the ingress-nginx controller. The vulnerability arises from the nginx.ingress.kubernetes.io/auth-method Ingress annotation, which can be used to inject configuration into nginx, enabling arbitrary code execution in the controller context and disclosure of Secrets accessible ...
CVE-2020-37085
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the sendsay method, causing the server to become...
CVE-2020-37085
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the sendsay method, causing the server to become...
CVE-2020-37085 VirtualTablet Server 3.0.2 - Denial of Service (PoC)
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the sendsay method, causing the server to become...
CVE-2020-37085
CVE-2020-37085 affects VirtualTablet Server 3.0.2. It describes a denial-of-service condition: sending oversized string payloads via the Thrift protocol, specifically by a long string to the send_say() method, causes the server to become unresponsive. The provided sources do not include a remedia...
CVE-2020-37085 VirtualTablet Server 3.0.2 - Denial of Service (PoC)
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the sendsay method, causing the server to become...
CVE-2026-25503
CVE-2026-25503 involves iccDEV libraries that handle ICC color management profiles. Prior to version 2.3.1.2, a type confusion in CIccTagEmbeddedHeightImage::Validate() could cause malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values, resulting in a...
CVE-2026-25486 Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation
Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...
Exploit for CVE-2026-25746
CVE-2026-25746 - SQL Injection Vulnerability in OpenEMR Weak...
CLSA-2026-1770116781 java-1.8.0-openjdk: Fix of 5 CVEs
CVE-2026-21945: security component vulnerability allowing unauthenticated attackers with network access to cause denial of service - CVE-2026-21933: networking component vulnerability allowing unauthenticated attackers with network access to compromise confidentiality and integrity -...
USN-7998-1: OpenJDK 17 vulnerabilities
It was discovered that the RMI component of OpenJDK 17 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...
📄 Flask-Uploads 0.2.1 Path Traversal / Arbitrary File Write
Flask-Uploads versions 0.2.1 and below Metasploit module that exploits a path traversal vulnerability to achieve an arbitrary file write. ============================================================================================================================================= | Title :...