CVE CyberSecurity Database News (Page 149)

Mar 25, 2025 Exploit

CVE-2025-2725 - Critical Command Injection in H3C Magic NX Series Routers

TL;DR: A critical remote command injection vulnerability (CVE-2025-2725) was found in several H3C Magic routers, including the NX15, NX30 Pro, NX400, R301, and BE18000

Mar 25, 2025 RCE Exploit

CVE-2025-24514 - Critical RCE Exploit in ingress-nginx via `auth-url` Annotation — Details, PoC, and Protections

--- A new and severe security vulnerability, tracked as CVE-2025-24514, has been found in the popular ingress-nginx controller for Kubernetes. This vulnerability lets attackers inject

Mar 25, 2025 Exploit

CVE-2025-1098 - Ingress-NGINX Annotation Vulnerability Lets Attackers Inject Code and Steal Kubernetes Secrets

Kubernetes users often depend on the popular ingress-nginx controller to expose HTTP and HTTPS routes from outside the cluster to services within. While ingress-nginx is

Mar 25, 2025

CVE-2025-24513 - Exploiting Directory Traversal in Kubernetes ingress-nginx Admission Controller

Date: June 2024 Severity: High Affected project: kubernetes/ingress-nginx CVE: CVE-2025-24513 Overview A new security flaw, CVE-2025-24513, has been found in the popular ingress-nginx controller

Mar 25, 2025 API

CVE-2025-1974 - How Ingress-NGINX in Kubernetes Can Expose Your Secrets (And How Attackers Can Exploit It)

In mid-2025, a serious security vulnerability was found in Kubernetes, tracked as CVE-2025-1974. If you’re using the popular Kubernetes ingress-nginx controller, your cluster could