Discourse Backup File Disclosure Via Default Nginx Configuration

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

CVE-2026-8430 SPIP < 4.4.14 Remote Code Execution via nginx

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

Decidim's comments API allows access to all commentable resources

Impact The root level commentable field in the API allows access to all commentable resources within the platform, without any permission checks. All Decidim instances are impacted that have not secured the /api endpoint. The /api endpoint is publicly available with the default configuration...

CVE-2026-33027

Nginx UI (the web UI for Nginx) prior to version 2.3.4 is affected by improper handling of URL-encoded traversal sequences. When crafted paths are provided, the backend resolves them to the base Nginx configuration directory and can operate on the base directory (/etc/nginx). An authenticated use...

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

Summary The nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoint only applies IP whitelisting - and the default IP whitelist is empty, which t...

Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation

Summary The nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory /etc/nginx. In particular, this allows an...

EUVD-2026-17151

Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation...

Exploit for Improper Neutralization of Script in Attributes in a Web Page in Paloaltonetworks Pan-Os

CVE-2025-4615 — Technical Analysis & Proof of Concept Vulne...

BIT-NGINX-INGRESS-CONTROLLER-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

CVE-2026-4342

The CVE-2026-4342 entry concerns ingress-nginx. A combination of Ingress annotations can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible to the controller. Note that, in default installations, the controller c...

CVE-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

PT-2026-26428

Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to v1.13.9, v1.14.5, and v1.15.1 Description A security issue exists in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code...

CVE-2026-3288

Summary: CVE-2026-3288 concerns ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target annotation can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible to the controller. The default installation can...

CVE-2026-25739

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...

BIT-NGINX-INGRESS-CONTROLLER-2026-24512 ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

GO-2026-4426 ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx in k8s.io/ingress-nginx

ingress-nginx's rules.http.paths.path Ingress field can be used to inject configuration into nginx in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...

GO-2026-4423 ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx

ingress-nginx's nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...

PT-2026-6527

ingress-nginx's nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...

CVE-2026-1616

The $uri$args concatenation in nginx configuration file present in Open Security Issue Management OSIM prior v2025.9.0 allows path traversal attacks via query parameters...

CVE-2026-1616

The $uri$args concatenation in nginx configuration file present in Open Security Issue Management OSIM prior v2025.9.0 allows path traversal attacks via query parameters...