CVE-2025-1097 - Ingress-NGINX `auth-tls-match-cn` Annotation Bypass—Arbitrary Code Execution & Secret Leakage
Published: June 2024
Product affected: Kubernetes Ingress-NGINX
CVE: CVE-2025-1097
A newly disclosed vulnerability (CVE-2025-1097) in Kubernetes’ Ingress-NGINX controller allows a user to inject malicious NGINX
CVE-2025-26512 - SnapCenter Privilege Escalation Vulnerability Explained & Exploited
NetApp’s SnapCenter is a popular backup and management tool used by enterprises worldwide to safeguard applications, databases, and files. But in early 2025, cybersecurity
CVE-2025-30162 - Cilium Gateway API Ingress Network Policy Bypass — Analysis, Exploit, and Mitigation
Published: June 2024
Background
Cilium is popular for Kubernetes networking, observability, and security. Its eBPF-based data plane makes it powerful and efficient. Cilium also integrates
CVE-2025-22223 - Exploiting Authorization Bypass in Spring Security 6.4.-6.4.3 Parameterized Type Annotations
Date: June 2024
Severity: High
Systems Affected: Spring Security 6.4., 6.4.1, 6.4.2, 6.4.3
Component: Method Security Annotations on
CVE-2025-30205 - How kanidm-provision Leaked Admin Credentials Through System Logs (Exclusive Deep Dive)
If you use kanidm-provision to help with user, group, or oauth2 provisioning via kanidm, there’s an important CVE you need to know about. CVE-2025-30205