6399 matches found
WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure
Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
[SECURITY] [DLA 4667-1] nginx security update
Debian LTS Advisory DLA-4667-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara July 03, 2026 https://wiki.debian.org/LTS Package : nginx Version : 1.22.1-9+deb12u9 CVE ID : CVE-2026-42055 CVE-2026-48142 Debian Bug : 1140359 1140361 Multiple...
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
Discourse Backup File Disclosure Via Default Nginx Configuration
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
Nginx UI - Broken Access Control
Network attackers can fully control nginx service, including config modification and service restart, leading to complete service takeover. id: CVE-2026-33032 info: name: Nginx UI - Broken Access Control author: DhiyaneshDk severity: critical description: | Network attackers can fully control ngi...
Nginx UI < 2.3.3 - Information Disclosure
Nginx UI 2.3.3 contains an information disclosure vulnerability caused by unauthenticated access to /api/backup endpoint exposing encryption keys in X-Backup-Security header, letting unauthenticated attackers download and decrypt full system backups. id: CVE-2026-27944 info: name: Nginx UI 2.3.3 ...
GHSA-JX8C-56MG-H6VP vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
GHSA-9H3P-52VH-959W vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-24513 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
GHSA-4G2F-XCPH-2335 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-24512 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-24514 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-1580 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
GHSA-2PF9-VR92-6H3V vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-24512 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
CVE-2026-24514 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
CVE-2026-24513 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
GHSA-2PF9-VR92-6H3V vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...