Lucene search
K

188 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 7:28 p.m.7 views

CVE-2026-42055

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS6.5AI score0.0314EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/06/19 1:53 a.m.7 views

SUSE CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

8.1CVSS6.5AI score0.0314EPSS
Exploits1References3
OSV
OSV
added 2026/06/17 3:16 p.m.4 views

ALPINE-CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.0314EPSS
Exploits1References1
NVD
NVD
added 2026/06/17 3:16 p.m.91 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS0.0314EPSS
Exploits1References9
AlpineLinux
AlpineLinux
added 2026/06/17 2:4 p.m.5 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.0314EPSS
Exploits1
CVE
CVE
added 2026/06/17 2:4 p.m.292 views

CVE-2026-42055

CVE-2026-42055 affects NGINX Plus and NGINX Open Source via the ngx_http_proxy_v2_module and ngx_http_grpc_module. A remote, unauthenticated attacker can exploit scenarios where proxy_http_version 2 or grpc_pass is used, ignore_invalid_headers is off, and large_client_header_buffers is set to mul...

9.2CVSS6AI score0.0314EPSS
Exploits1References9Affected Software9
EUVD
EUVD
added 2026/06/17 2:4 p.m.11 views

EUVD-2026-37718

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6AI score0.0314EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/17 2:4 p.m.79 views

CVE-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS0.0314EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.8 views

nginx -- multiple vulnerabilities

The nginx developers report: A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders off;" and "largeclientheaderbuffers" directives with large configured values while proxying a specially crafted request to an HTTP/2 or gRPC backend may allow memory corruption or a...

9.2CVSS5.7AI score0.0314EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in PHP 8.1, PHP 7.3

In PHP versions starting from 8.1. up to 8.1.32, and from 8.2. up to 8.2.28, and from 8.3. up to 8.3.19, as well as in PHP versions starting from 8.4. up to 8.4.5, headers that lack a colon : are treated as valid headers, even though they are not. This can cause applications to accept invalid...

6.3CVSS6.6AI score0.00481EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

granian 安全漏洞

Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions of Granian from 0.2.0 to 2.7.4 contain security vulnerabilities. These vulnerabilities occur when the WSGI application returns invalid HTTP response...

5.9CVSS5.8AI score0.00222EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 9:24 p.m.8 views

Improper Handling of Exceptional Conditions

Overview granian is an A Rust HTTP server for Python applications Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions through the WSGI response conversion process. An attacker can cause the worker process to abort by supplying or influencing invalid HTT...

8.2CVSS5.8AI score0.00222EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/25 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the validation conditions for the MAC header in ip6teui64. This vulnerability may all...

9.4CVSS5.8AI score0.00337EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/10 5:32 p.m.1 views

Improper Handling of Exceptional Conditions

Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the redirect function in the handle server hook when the location parameter contains characters invalid in an HTTP header. An attacker can cau...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/08 12:17 a.m.7 views

Hono missing validation of cookie name on write path in setCookie()

Summary Cookie names are not validated on the write path when using setCookie, serialize, or serializeSigned to generate Set-Cookie headers. While certain cookie attributes such as domain and path are validated, the cookie name itself may contain invalid characters. This results in inconsistent...

5.9AI score
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/16 12:0 a.m.9 views

MiracleLinux 8 : php:7.4 (AXSA:2026-182:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-182:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

9.8CVSS7.9AI score0.02286EPSS
Exploits10References14
RedhatCVE
RedhatCVE
added 2026/01/09 12:1 p.m.7 views

CVE-2018-19167

CloakCoin through 2.2.2.0 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...

7.5CVSS6.9AI score0.0133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:1 p.m.4 views

CVE-2018-19161

alqo through 4.1 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...

7.5CVSS6.9AI score0.01296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:1 p.m.11 views

CVE-2018-19152

emercoin through 0.7 a chain-based proof-of-stake cryptocurrency allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM...

7.5CVSS7AI score0.01296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:0 p.m.7 views

CVE-2018-19156

PIVX through 3.1.03 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...

7.5CVSS6.9AI score0.01296EPSS
Exploits0References1
Rows per page
Query Builder