NGINX Ingress Controller for Kubernetes (community-driven) is an Ingress Controller that manages the routing of external traffic to services inside a Kubernetes cluster, acting as a reverse proxy and load balancer. Developed and maintained by the Kubernetes community, this controller offers a wide range of features for traffic routing, SSL termination, and load balancing.

Ingress NGINX Controller (community-driven)

Annotation injection unauthenticated remote code execution vulnerability in Nginx Ingress Controller.

CVE-2025-1974

Linux

Linux Kernel

Windows

Windows Cumulative Update

GitHub is a web-based Git repository hosting service, which offers all of the distributed revision control and source code management (SCM) functionality of Git, as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a web-based graphical interface and desktop as well as mobile integration.

GitHub

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.

CVE-2025-30154

Wiz Threat Research estimates with high confidence that the root cause of the tj-actions/changed-files compromise was itself a supply chain compromise, of reviewdog/action-setup. Wiz Threat Research found that attackers modified the v1 tag of reviewdog/action-setup, which was then used by tj-actions/eslint-changed-files, likely leading to the compromise of a GitHub Personal Access Token (PAT) that enabled the attack on tj-actions/changed-files.

WVE-2025-001

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)

CVE-2025-30066

Class based , object oriented programming language. Designed to have less dependencies as possible. The syntex of Java is smilier to C and C++. Commonly used for client-server applications. Java files are compiled by JVM (Java Virtual Machine)

Java

Apache Camel is a versatile integration framework based on known Enterprise Integration Patterns.

Apache Camel

Bypass/Injection vulnerability in Apache Camel components under particular conditions.

This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3.

Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases.



This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific

headers that for some Camel components can alter the behaviours such as the camel-bean component, to call another method

on the bean, than was coded in the application. In the camel-jms component, then a malicious header can be used to send

the message to another queue (on the same broker) than was coded in the application. This could also be seen by using the camel-exec component




The attacker would need to inject custom headers, such as HTTP protocols. So if you have Camel applications that are

directly connected to the internet via HTTP, then an attacker could include malicious HTTP headers in the HTTP requests

that are send to the Camel application.




All the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box.

In these conditions an attacker could be able to forge a Camel header name and make the bean component invoking other methods in the same bean.

In terms of usage of the default header filter strategy the list of components using that is: 


  *  camel-activemq
  *  camel-activemq6
  *  camel-amqp
  *  camel-aws2-sqs
  *  camel-azure-servicebus
  *  camel-cxf-rest
  *  camel-cxf-soap
  *  camel-http
  *  camel-jetty
  *  camel-jms
  *  camel-kafka
  *  camel-knative
  *  camel-mail
  *  camel-nats
  *  camel-netty-http
  *  camel-platform-http
  *  camel-rest
  *  camel-sjms
  *  camel-spring-rabbitmq
  *  camel-stomp
  *  camel-tahu
  *  camel-undertow
  *  camel-xmpp






The vulnerability arises due to a bug in the default filtering mechanism that only blocks headers starting with "Camel", "camel", or "org.apache.camel.". 


Mitigation: You can easily work around this in your Camel applications by removing the headers in your Camel routes. There are many ways of doing this, also globally or per route. This means you could use the removeHeaders EIP, to filter out anything like "cAmel, cAMEL" etc, or in general everything not starting with "Camel", "camel" or "org.apache.camel.".

CVE-2025-27636

Maven

GitHub Advisory Database

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2025-29806

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS.

The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception message
This issue affects Apache Commons VFS: before 2.10.0.

Users are recommended to upgrade to version 2.10.0, which fixes the issue.

CVE-2025-30474

Debian

Debian Security Tracker

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0.

The FileObject API in Commons VFS has a 'resolveFile' method that
takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of
the base file". However, when the path contains encoded ".."
characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not
a descendent of the base file, without throwing an exception.
This issue affects Apache Commons VFS: before 2.10.0.

Users are recommended to upgrade to version 2.10.0, which fixes the issue.

CVE-2025-27553

Ubuntu is a Linux distribution based on Debian, mostly composed of free and open-source software. Ubuntu is officially released in three editions: Desktop, Server, and Core for internet of things devices and robots. All the editions can run on the computer alone or in a virtual machine.

Linux Ubuntu

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.

CVE-2025-0927

Ubuntu

Ubuntu Security Tracker

WordPress is a content management system paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes.

WordPress

The Pods  WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-1974	CRITICAL	9.8	Ingress NGINX Controller (community-driven)	cpe:2.3:a:kubernetes:ingress-nginx	No	Yes	Mar 23, 2025
CVE-2025-30154	HIGH	8.6	GitHub	N/A	No	No	Mar 19, 2025
WVE-2025-001	HIGH	N/A	GitHub	N/A	No	No	Mar 17, 2025
CVE-2025-30066	HIGH	8.6	GitHub	N/A	Yes	No	Mar 15, 2025
CVE-2025-27636	MEDIUM	N/A	Java	org.apache.camel:camel-support	No	Yes	Mar 09, 2025

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-29806	MEDIUM	6.5	N/A	N/A	No	No	Mar 23, 2025
CVE-2025-30474	N/A	N/A	Linux Debian	commons-vfs	No	No	Mar 23, 2025
CVE-2025-27553	N/A	N/A	Linux Debian	commons-vfs	No	No	Mar 23, 2025
CVE-2025-0927	HIGH	N/A	Linux Debian	linux-azure	No	Yes	Mar 23, 2025
CVE-2025-1446	N/A	N/A	WordPress	N/A	No	No	Mar 23, 2025

Wiz Vulnerability Database

Explore by technology

Popular filters

High Profile

Most Recent

Vulnerabilities by the numbers

The good, the bad, and the vulnerable

Additional Wiz resources

Cloud Vulnerability DB

Cloud threat landscape

PEACH

Ready to see Wiz in action?