
Overview

  • ESXi

04 Mar 2025
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
4.11%

Description

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Bluesky

Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) almost one year ago, in March 2025, alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all as actively exploited zero-days. www.bleepingcomputer.com/news/securit...

Overview

  • VMware
  • ESXi

04 Mar 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
57.74%

Description

VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Statistics

  • 2 Posts

Last activity: 6 hours ago


Overview

  • Kubernetes
  • ingress-nginx

03 Feb 2026
Published
05 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.10%

KEV

Description

A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Statistics

  • 2 Posts

Last activity: 22 hours ago

Bluesky

🔴 CVE-2026-1580 and CVE-2026-24512 allow for config #injection via the "nginx.ingress.kubernetes.io/auth-method" ingress annotation and the "rules.http.paths.path" ingress field, respectively. 🟡 CVE-2026-24514 is a #DoS in the ingress-nginx admission controller, triggered by sending large requests.
⏳ With EOL in March, Ingress #NGINX has 4 newly disclosed vulnerabilities: #CVE-2026-1580, CVE-2026-24512, CVE-2026-24513, and CVE-2026-24514. We recommend that you migrate to F5's NGINX Ingress: buff.ly/vqTJvPK If you can’t migrate yet, update to v1.14.3. More details on each CVE below.

Overview

  • Kubernetes
  • ingress-nginx

03 Feb 2026
Published
05 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.10%

KEV

Description

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Statistics

  • 2 Posts

Last activity: 22 hours ago
