Lucene search
+L

186 matches found

nvd
nvd
added yesterday5 views

CVE-2026-60065

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS
Exploits0References1
nvd
nvd
added yesterday7 views

CVE-2026-42533

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS
Exploits0References1
cvelist
cvelist
added yesterday21 views

CVE-2026-60065 NGINX Plus ngx_stream_mqtt_filter_module vulnerability

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS
Exploits0References1
euvd
euvd
added yesterday5 views

EUVD-2026-44685

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS6.2AI score
Exploits0References1
cve
cve
added yesterday13 views

CVE-2026-60065

CVE-2026-60065 affects NGINX Plus when the MQTT filter module (ngx_stream_mqtt_filter_module) is enabled. Unauthenticated attackers can send crafted requests to trigger a heap buffer over-read in an NGINX worker process, potentially causing a restart. Impact is limited to data-plane availability ...

6.3CVSS6.2AI score
Exploits0References1
f5
f5
added yesterday10 views

K000161837: Out-of-band Security Notification (July 15, 2026)

Security Advisory Description On July 15, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Article CVE|...

9.2CVSS6.1AI score
Exploits0
f5
f5
added yesterday8 views

K000162101: NGINX Plus ngx_stream_mqtt_filter_module vulnerability CVE-2026-60065

Security Advisory Description When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker...

6.3CVSS6.1AI score
Exploits0Affected Software5
osv
osv
added 2026/07/06 6:25 a.m.5 views

OESA-2026-2798 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References3
bdu_fstec
bdu_fstec
added 2026/06/30 12:0 a.m.5 views

The vulnerability of the ngx_http_charset_module module in NGINX Plus and NGINX Open Source web servers allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the ngxhttpcharsetmodule module in NGINX Plus and NGINX Open Source web servers is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information or cause...

4.8CVSS6.3AI score0.00398EPSS
Exploits0References3Affected Software11
bdu_fstec
bdu_fstec
added 2026/06/29 12:0 a.m.11 views

The vulnerabilities of the ngx_http_proxy_v2_module and ngx_http_grpc_module modules in NGINX Plus and NGINX Open Source web servers allow attackers to execute arbitrary code or cause service interruptions.

The vulnerability of the ngxhttpproxyv2module and ngxhttpgrpcmodule modules in NGINX Plus and NGINX Open Source web servers stems from the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service...

8.1CVSS6.8AI score0.03552EPSS
Exploits1References3Affected Software11
redos
redos
added 2026/06/26 12:0 a.m.10 views

ROS-20260626-73-0020

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...

9.2CVSS6.3AI score0.04261EPSS
Exploits3
redos
redos
added 2026/06/22 12:0 a.m.8 views

ROS-20260622-73-0045

The vulnerability of the ngxmailauthhttpmodule module in NGINX Plus and NGINX Open Source is related to the use of the NULL pointer. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

8.7CVSS5.9AI score0.00921EPSS
Exploits0
redos
redos
added 2026/06/22 12:0 a.m.7 views

ROS-20260622-73-0042

The vulnerability of the ngxhttpmp4module in NGINX Plus and NGINX Open Source HTTP servers is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

8.5CVSS6.3AI score0.00918EPSS
Exploits0
osv
osv
added 2026/06/19 12:0 a.m.5 views

UBUNTU-CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS6AI score0.00398EPSS
Exploits0References4
osv
osv
added 2026/06/18 12:0 a.m.6 views

UBUNTU-CVE-2026-11311

When NGINX Plus is configured as the data plane for NGINX Gateway Fabr...

8.6CVSS5.3AI score0.00567EPSS
Exploits0References2
nvd
nvd
added 2026/06/17 3:16 p.m.13 views

CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS0.00398EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/17 2:4 p.m.12 views

CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS5.6AI score0.00398EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/06/17 2:4 p.m.5 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.03552EPSS
Exploits1
f5
f5
added 2026/06/17 1:43 p.m.14 views

K000161611: NGINX Gateway Fabric vulnerability CVE-2026-11311

Security Advisory Description When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens...

8.6CVSS5.5AI score0.00567EPSS
Exploits0Affected Software1
redos
redos
added 2026/06/09 12:0 a.m.10 views

ROS-20260609-73-0014

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.2CVSS6.3AI score0.61469EPSS
Exploits40
Rows per page
Query Builder