Ingress-NGINX Controller < 1.13.9 / 1.14.x < 1.14.5 / 1.15.x < 1.15.1 Configuration Injection

The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.9, 1.14.5, or 1.15.1. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject...

CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting XSS vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting XSS vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting XSS vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

Nokogiri 安全漏洞

Nokogiri is an open source software library for parsing HTML and XML in Ruby. A security vulnerability exists in Nokogiri versions 1.13.8 and 1.13.9, which stems from a null pointer exception when parsing invalid markup due to a failure to check the return value of xmlTextReaderExpand in its...

DEBIAN-CVE-2019-11247

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

openSUSE Security Update : nginx (openSUSE-2018-316)

This update for nginx to version 1.13.9 fixes the following issues : - CVE-2017-7529: nginx: Integer overflow in nginx range filter module allowed memory disclosure bsc1048265 This update also contains all updates and improvements in 1.13.9 upstream release. %NASLMINLEVEL 70300 C Tenable Network...