BIT-NGINX-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

BIT-NGINX-GATEWAY-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

BIT-NGINX-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Exploit for CVE-2026-42945

nginx-rift-detect Behavioral detection script for CVE-2026-...

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

EUVD-2025-209875

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

Exploit for CVE-2026-42945

CVE-2026-42945 — NGINX Rewrite Module Heap Buffer Overflow → R...

CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

nginx-rift-private-lab

NGINX Rift RCE Proof of concept for CVE-2026-42945, a cri...

Fedora 42 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-38623b4fed)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-38623b4fed advisory. nginx-mod-vts: - Rebuild for 1.30.1 nginx-mod-fancyindex: - Rebuild for 1.30.1 nginx-mod-naxsi: - Rebuild for 1.30.1 nginx-mod-headers-more: - Rebui...

PT-2026-41291

Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability...

Nuvoton ECHD Key Security Update

Nuvoton has informed HP of a potential security vulnerability identified in Nuvoton TPM NPCT7xx models used in certain HP PC products, which might allow information disclosure. Nuvoton has released firmware mitigation for the potential vulnerability. HP has identified affected platforms and...

PT-2026-41289

Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability...

Crypt::DSA 安全漏洞

Crypt::DSA is a Perl cryptography module developed by TIMLEGGE’s individual developers, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to 1.19 contained security vulnerabilities; these vulnerabilities stemmed from the use of the 2-args open...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in HUAWEI HarmonyOS, which stems from issues with the permission control of the...

PT-2026-41288

Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in HUAWEI HarmonyOS, which stems from issues with the permission control of the...

PT-2026-41296

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed...

Crypt::DSA 安全特征问题漏洞

Crypt::DSA is a Perl cryptography module developed by TIMLEGGE’s individual developers, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to version 1.20 had security vulnerabilities. These vulnerabilities stemmed from the use of the Perl...

PT-2026-41283

Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...