CVE-2025-24514 - Critical RCE Exploit in ingress-nginx via `auth-url` Annotation — Details, PoC, and Protections
---
A new and severe security vulnerability, tracked as CVE-2025-24514, has been found in the popular ingress-nginx controller for Kubernetes. This vulnerability lets attackers inject
CVE-2025-1098 - Ingress-NGINX Annotation Vulnerability Lets Attackers Inject Code and Steal Kubernetes Secrets
Kubernetes users often depend on the popular ingress-nginx controller to expose HTTP and HTTPS routes from outside the cluster to services within. While ingress-nginx is
CVE-2025-1097 - Ingress-NGINX `auth-tls-match-cn` Annotation Bypass—Arbitrary Code Execution & Secret Leakage
Published: June 2024
Product affected: Kubernetes Ingress-NGINX
CVE: CVE-2025-1097
A newly disclosed vulnerability (CVE-2025-1097) in Kubernetes’ Ingress-NGINX controller allows a user to inject malicious NGINX
CVE-2025-26512 - SnapCenter Privilege Escalation Vulnerability Explained & Exploited
NetApp’s SnapCenter is a popular backup and management tool used by enterprises worldwide to safeguard applications, databases, and files. But in early 2025, cybersecurity
CVE-2025-30162 - Cilium Gateway API Ingress Network Policy Bypass — Analysis, Exploit, and Mitigation
Published: June 2024
Background
Cilium is popular for Kubernetes networking, observability, and security. Its eBPF-based data plane makes it powerful and efficient. Cilium also integrates