9.8

CVSS3.1

CVE-2025-27832 - Ghostscript: NPDL device: Compression buffer overflow

An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.

📅 Published: March 25, 2025, midnight 🔄 Last Modified: Nov. 3, 2025, 8:18 p.m.

7.5

CVSS3.1

CVE-2024-44903 -

SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement, in a part of the uri= variable in the second part of the full= inner variable.

📅 Published: March 25, 2025, midnight 🔄 Last Modified: March 27, 2025, 4:45 p.m.

3.3

CVSS3.1

CVE-2025-2720 - libgsf: GNOME libgsf gsf_base64_encode_simple uninitialized variable

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data" must have "…

📅 Published: March 24, 2025, 11:31 p.m. 🔄 Last Modified: March 27, 2025, 6:15 a.m.

5.1

CVSS4.0

CVE-2025-2717 - D-Link DIR-823X HTTP POST Request diag_nslookup sub_41710C os command injection

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. Th…

📅 Published: March 24, 2025, 11:31 p.m. 🔄 Last Modified: May 21, 2025, 4:51 p.m.

8.8

CVSS3.1

CVE-2025-24514 - ingress-nginx controller - configuration injection via unsanitized auth-url annotation

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets …

📅 Published: March 24, 2025, 11:29 p.m. 🔄 Last Modified: Feb. 26, 2026, 7:09 p.m.

4.8

CVSS3.1

CVE-2025-24513 - ingress-nginx controller - auth secret file path traversal vulnerability

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or…

📅 Published: March 24, 2025, 11:29 p.m. 🔄 Last Modified: Nov. 3, 2025, 10:18 p.m.

8.8

CVSS3.1

CVE-2025-1098 - ingress-nginx controller - configuration injection via unsanitized mirror annotations

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx cont…

📅 Published: March 24, 2025, 11:29 p.m. 🔄 Last Modified: Feb. 26, 2026, 7:09 p.m.

8.8

CVSS3.1

CVE-2025-1097 - ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of…

📅 Published: March 24, 2025, 11:29 p.m. 🔄 Last Modified: Feb. 26, 2026, 7:09 p.m.

9.8

CVSS3.1

CVE-2025-1974 - ingress-nginx admission controller RCE escalation

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note th…

📅 Published: March 24, 2025, 11:28 p.m. 🔄 Last Modified: Feb. 26, 2026, 7:09 p.m.

5.1

CVSS4.0

CVE-2025-2716 - China Mobile P22g-CIac Samba Path path traversal

A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may…

📅 Published: March 24, 2025, 11 p.m. 🔄 Last Modified: March 27, 2025, 4:45 p.m.