Lucene search
+L

2073 matches found

nvd
nvd
added yesterday5 views

CVE-2026-60065

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS
Exploits0References1
nvd
nvd
added yesterday7 views

CVE-2026-56434

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-56434 NGINX ngx_http_ssi_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS6.1AI score
Exploits0References1
attackerkb
attackerkb
added yesterday3 views

CVE-2026-56434

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS6.1AI score
Exploits0References2Affected Software2
cvelist
cvelist
added yesterday35 views

CVE-2026-60065 NGINX Plus ngx_stream_mqtt_filter_module vulnerability

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS
Exploits0References1
cvelist
cvelist
added yesterday32 views

CVE-2026-56434 NGINX ngx_http_ssi_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS
Exploits0References1
cve
cve
added yesterday14 views

CVE-2026-60065

CVE-2026-60065 affects NGINX Plus when the MQTT filter module (ngx_stream_mqtt_filter_module) is enabled. Unauthenticated attackers can send crafted requests to trigger a heap buffer over-read in an NGINX worker process, potentially causing a restart. Impact is limited to data-plane availability ...

6.3CVSS6.2AI score
Exploits0References1
cve
cve
added yesterday45 views

CVE-2026-56434

Summary: CVE-2026-56434 affects the nginx ngx_http_ssi_module in NGINX Plus and NGINX Open Source when SSI, proxy_pass, and proxy_buffering are configured off. An unauthenticated attacker with MITM control over upstream responses can trigger a heap buffer over-read in the nginx worker process, po...

8.3CVSS6.1AI score
Exploits0References1
f5
f5
added yesterday8 views

K000162101: NGINX Plus ngx_stream_mqtt_filter_module vulnerability CVE-2026-60065

Security Advisory Description When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker...

6.3CVSS6.1AI score
Exploits0Affected Software5
f5
f5
added yesterday9 views

K000162098: NGINX ngx_http_ssi_module vulnerability CVE-2026-56434

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass , and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker wi...

8.3CVSS6.1AI score
Exploits0Affected Software7
ptsecurity
ptsecurity
added yesterday6 views

PT-2026-60184

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A use-after-free issue exists in the ngx http ssi module module. This occurs when Server-Side Includes SSI, proxy pass, and proxy bufferin...

8.3CVSS6.1AI score
Exploits0References7
cve
cve
added 2 days ago5 views

CVE-2026-15712

CVE-2026-15712 affects libsoup’s HTTP/2 connection tracking in/libsoup3 (versions 3.0–3.7.0) where the GOAWAY frame’s Additional Debug Data is parsed as a NUL-terminated C-string without strict length checks. This permits a remote, unauthenticated attacker to send malformed GOAWAY frames, causing...

5.9CVSS6.1AI score0.00498EPSS
Exploits0References3
redhatcve
redhatcve
added 6 days ago8 views

CVE-2026-53877

A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...

6.3CVSS6.1AI score0.00291EPSS
Exploits0References3
osv
osv
added 2026/07/09 6:7 p.m.1 views

SUSE-SU-2026:2822-1 Security update for gnutls

This update for gnutls fixes the following issues - CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and SANs bsc1257960. - CVE-2026-3833: incorrectly accepted domain names due to comparison during...

9.8CVSS6.7AI score0.01335EPSS
Exploits2References25
redhat
redhat
added 2026/07/08 7:33 p.m.5 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS6.2AI score0.00485EPSS
Exploits0References5
redhat
redhat
added 2026/07/08 5:58 p.m.3 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS7.1AI score0.00394EPSS
Exploits0References5
redhat
redhat
added 2026/07/08 5:58 p.m.3 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS6.2AI score0.00485EPSS
Exploits0References5
redhat
redhat
added 2026/07/07 9:48 p.m.4 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS6AI score0.00485EPSS
Exploits0References5
redhat
redhat
added 2026/07/07 9:48 p.m.4 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS6AI score0.00394EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/07 2:10 p.m.34 views

CVE-2026-53877 Heap buffer over-read in GDALRaster

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS0.00291EPSS
Exploits0References3
Rows per page
Query Builder