#vulnerability

A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an

**Why are we publishing this Kubernetes CVE in the Security Update Guide?** We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster. **How do I know if I am affected by these vulnerabilities?** If you are running your own **Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions** (v1.11.5 and v1.12.1). **If you are using the** Managed NGINX ingress with the application routing add-on on AKS, the patches are getting rolled out to all regions and should be completed in a few days. No action is required. The status of the AKS deployment can be monitored here: AKS Release Status. **Where can I find more information about these vulnerabilities?** CVE ID Link to Github Issue CVE...

**Why are we publishing this Kubernetes CVE in the Security Update Guide?** We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster. **How do I know if I am affected by these vulnerabilities?** If you are running your own **Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions** (v1.11.5 and v1.12.1). **If you are using the** Managed NGINX ingress with the application routing add-on on AKS, the patches are getting rolled out to all regions and should be completed in a few days. No action is required. The status of the AKS deployment can be monitored here: AKS Release Status. **Where can I find more information about these vulnerabilities?** CVE ID Link to Github Issue CVE...

**Why are we publishing this Kubernetes CVE in the Security Update Guide?** We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster. **How do I know if I am affected by these vulnerabilities?** If you are running your own **Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions** (v1.11.5 and v1.12.1). **If you are using the** Managed NGINX ingress with the application routing add-on on AKS, the patches are getting rolled out to all regions and should be completed in a few days. No action is required. The status of the AKS deployment can be monitored here: AKS Release Status. **Where can I find more information about these vulnerabilities?** CVE ID Link to Github Issue CVE...

**Why are we publishing this Kubernetes CVE in the Security Update Guide?** We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster. **How do I know if I am affected by these vulnerabilities?** If you are running your own **Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions** (v1.11.5 and v1.12.1). **If you are using the** Managed NGINX ingress with the application routing add-on on AKS, the patches are getting rolled out to all regions and should be completed in a few days. No action is required. The status of the AKS deployment can be monitored here: AKS Release Status. **Where can I find more information about these vulnerabilities?** CVE ID Link to Github Issue CVE...

**Why are we publishing this Kubernetes CVE in the Security Update Guide?** We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster. **How do I know if I am affected by these vulnerabilities?** If you are running your own **Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions** (v1.11.5 and v1.12.1). **If you are using the** Managed NGINX ingress with the application routing add-on on AKS, the patches are getting rolled out to all regions and should be completed in a few days. No action is required. The status of the AKS deployment can be monitored here: AKS Release Status. **Where can I find more information about these vulnerabilities?** CVE ID Link to Github Issue CVE...

Gartner describes infrastructure as code (IaC) as a key way to unlock the potential of the cloud. However,…

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue.