CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

965 matches found

Fedora•added 2026/06/01 1:1 a.m.•22 views

[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-11.fc43

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

9.2CVSS5.8AI score0.02596EPSS

Exploits3

Fedora•added 2026/05/28 1:13 a.m.•13 views

[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-11.fc44

9.2CVSS5.8AI score0.02596EPSS

Exploits3

SUSE CVE•added 2026/05/26 1:52 a.m.•16 views

SUSE CVE-2026-42268

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

7.5CVSS5.6AI score0.00396EPSS

Exploits1References3

RedhatCVE•added 2026/05/25 7:38 a.m.•14 views

CVE-2026-42268

A flaw was found in ModSecurity, an open-source web application firewall WAF. This vulnerability occurs when an administrator configures a rule that uses @verifySSN, @verifyCPF, or @verifySVNR functions. An unhandled exception, specifically an unsigned integer underflow, can lead to a denial of...

8.2CVSS5.7AI score0.00396EPSS

Exploits1References4

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux – Vulnerability in ModSecurity-Apache

ModSecurity is an open-source, cross-platform web application firewall WAF engine for Apache, IIS, and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which can lead to various issues depending on the HTTP scenario. For example, we have demonstrated...

6.9CVSS7.3AI score0.00263EPSS

Exploits1References1

Fedora•added 2026/05/15 10:45 p.m.•11 views

[SECURITY] Fedora 42 Update: nginx-mod-modsecurity-1.0.4-10.fc42

9.2CVSS6AI score0.5331EPSS

Exploits40

Fedora•added 2026/05/15 9:9 p.m.•11 views

[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-10.fc43

9.2CVSS6AI score0.5331EPSS

Exploits40

Fedora•added 2026/05/15 8:58 p.m.•13 views

[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-10.fc44

9.2CVSS6AI score0.5331EPSS

Exploits40

Tenable Nessus•added 2026/05/15 12:0 a.m.•9 views

Fedora 42 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-38623b4fed)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-38623b4fed advisory. nginx-mod-vts: - Rebuild for 1.30.1 nginx-mod-fancyindex: - Rebuild for 1.30.1 nginx-mod-naxsi: - Rebuild for 1.30.1 nginx-mod-headers-more: - Rebui...

9.2CVSS6.1AI score0.5331EPSS

Exploits40References7

Tenable Nessus•added 2026/05/15 12:0 a.m.•6 views

Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-094eb13bb1)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-094eb13bb1 advisory. nginx-mod-fancyindex: - Rebuild for 1.30.1 nginx-mod-headers-more: - Rebuild for 1.30.1 nginx-mod-naxsi: - Rebuild for 1.30.1 nginx-mod-js-challenge...

9.2CVSS6.1AI score0.5331EPSS

Exploits40References7

Tenable Nessus•added 2026/05/15 12:0 a.m.•8 views

Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-fb53cb4d67)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-fb53cb4d67 advisory. nginx-mod-brotli: - Rebuild for 1.30.1 nginx-mod-vts: - Rebuild for 1.30.1 nginx-mod-modsecurity: - Rebuild for 1.30.1 nginx-mod-fancyindex: - Rebui...

9.2CVSS6.1AI score0.5331EPSS

Exploits40References7

OSV•added 2026/05/14 8:48 a.m.•1 views

BIT-MODSECURITY2-2026-42268 ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators

8.2CVSS5.6AI score0.00396EPSS

Exploits1References2

OSV•added 2026/05/14 8:48 a.m.•5 views

BIT-MODSECURITY-2026-42268 ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators

8.2CVSS5.6AI score0.00396EPSS

Exploits1References2

NVD•added 2026/05/12 10:16 p.m.•9 views

CVE-2026-42268

8.2CVSS0.00396EPSS

Exploits1References1

Cvelist•added 2026/05/12 9:40 p.m.•34 views

CVE-2026-42268 ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators

8.2CVSS0.00396EPSS

Exploits1References1

CVE•added 2026/05/12 9:40 p.m.•16 views

CVE-2026-42268

ModSecurity (libmodsecurity3) versions 3.0.0–3.0.14 expose an unhandled std::out_of_range exception caused by an unsigned integer underflow when using the operators @verifySSN, @verifyCPF, or @verifySVNR. The vulnerability affects the WAF engine for Apache, IIS, and Nginx and is fixed in 3.0.15. ...

8.2CVSS5.6AI score0.00396EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/05/12 9:40 p.m.•5 views

CVE-2026-42268 ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators

8.2CVSS5.6AI score0.00396EPSS

Exploits1References1

ATTACKERKB•added 2026/05/12 9:40 p.m.•4 views

CVE-2026-42268

8.2CVSS5.6AI score0.00396EPSS

Exploits1References2Affected Software1

EUVD•added 2026/05/12 9:40 p.m.•10 views

EUVD-2026-29854

8.2CVSS5.6AI score0.00396EPSS

Exploits1References1

CNNVD•added 2026/05/12 12:0 a.m.•6 views

Modsecurity 数字错误漏洞

Modsecurity is an open-source web traffic security processing library developed by OWASP ModSecurity. Versions of Modsecurity from 3.0.0 to 3.0.15 contained a numerical error vulnerability. This vulnerability stemmed from an unsigned integer underflow, which led to unhandled exceptions and could...

8.2CVSS5.8AI score0.00396EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by