安全攻防 None 一个双引号打入 K8s 集群:CVE-2026-3288 ingress-nginx 配置注入深度剖析 Ingress 的 path 字段写一个双引号,就能注入任意 nginx 指令。这已经是 ingress-nginx 四年内的第四次同类漏洞。源码审计发现根因从未解决:fmt。Sprintf 直接把用户输入拼进配置,四年了。 nginx 字段写一 个双引号 2026-06-25 先知社区
安全攻防 None F5 修补了两个关键的 NGINX 开源缺陷,从而实现远程代码执行 F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to security NGINX Open 2026-06-19 info@thehackernews.com (The Hacker News)
安全攻防 None NGINX CVE-2026-42945 被广泛利用,导致 Worker 崩溃和可能的 RCE A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days NGINX security the 2026-05-17 info@thehackernews.com (The Hacker News)
安全攻防 None 已有 18 年历史的 NGINX 重写模块缺陷导致未经身份验证的 RCE Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, includin impacting NGINX that 2026-05-14 info@thehackernews.com (The Hacker News)
开发者生态 None Show HN:免费工具,可查看 AI 机器人给您的网站带来的成本 How it works 01 — UPLOAD Drop your log file Drag and drop your Nginx, Apache, Cloudflare, or Vercel log file。Everything your log Nginx 2026-05-11 plaintosapp