Lucene search
K

178 matches found

OSV
OSV
added 3 days ago4 views

OESA-2026-2798 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.02838EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2026/06/30 12:0 a.m.4 views

The vulnerability of the ngx_http_charset_module module in NGINX Plus and NGINX Open Source web servers allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the ngxhttpcharsetmodule module in NGINX Plus and NGINX Open Source web servers is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information or cause...

4.8CVSS6.3AI score0.00398EPSS
Exploits0References3Affected Software11
BDU FSTEC
BDU FSTEC
added 2026/06/29 12:0 a.m.6 views

The vulnerabilities of the ngx_http_proxy_v2_module and ngx_http_grpc_module modules in NGINX Plus and NGINX Open Source web servers allow attackers to execute arbitrary code or cause service interruptions.

The vulnerability of the ngxhttpproxyv2module and ngxhttpgrpcmodule modules in NGINX Plus and NGINX Open Source web servers stems from the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service...

8.1CVSS6.8AI score0.02838EPSS
Exploits1References3Affected Software11
Redos
Redos
added 2026/06/26 12:0 a.m.9 views

ROS-20260626-73-0020

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...

9.2CVSS6.3AI score0.04261EPSS
Exploits3
Redos
Redos
added 2026/06/22 12:0 a.m.6 views

ROS-20260622-73-0042

The vulnerability of the ngxhttpmp4module in NGINX Plus and NGINX Open Source HTTP servers is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

8.5CVSS6.3AI score0.00918EPSS
Exploits0
Redos
Redos
added 2026/06/22 12:0 a.m.6 views

ROS-20260622-73-0045

The vulnerability of the ngxmailauthhttpmodule module in NGINX Plus and NGINX Open Source is related to the use of the NULL pointer. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

8.7CVSS5.9AI score0.00921EPSS
Exploits0
OSV
OSV
added 2026/06/19 12:0 a.m.4 views

UBUNTU-CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS6AI score0.00398EPSS
Exploits0References4
OSV
OSV
added 2026/06/18 12:0 a.m.4 views

UBUNTU-CVE-2026-11311

When NGINX Plus is configured as the data plane for NGINX Gateway Fabr...

8.6CVSS5.3AI score0.00567EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 3:16 p.m.12 views

CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS0.00398EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/17 2:4 p.m.8 views

CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS5.6AI score0.00398EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/17 2:4 p.m.5 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.02838EPSS
Exploits1
F5 Networks
F5 Networks
added 2026/06/17 1:43 p.m.13 views

K000161611: NGINX Gateway Fabric vulnerability CVE-2026-11311

Security Advisory Description When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens...

8.6CVSS5.5AI score0.00567EPSS
Exploits0Affected Software1
Redos
Redos
added 2026/06/09 12:0 a.m.10 views

ROS-20260609-73-0014

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.2CVSS6.3AI score0.61469EPSS
Exploits40
BDU FSTEC
BDU FSTEC
added 2026/05/25 12:0 a.m.3 views

The vulnerability of the ngx_http_rewrite_module module in NGINX Plus and NGINX Open Source web servers allows a attacker to execute arbitrary code or cause service interruptions.

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...

8.1CVSS6.3AI score0.04261EPSS
Exploits3References10Affected Software12
EUVD
EUVD
added 2026/05/22 2:11 p.m.16 views

EUVD-2026-31444

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References1
Debian CVE
Debian CVE
added 2026/05/22 2:11 p.m.13 views

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

9.2CVSS6AI score0.04261EPSS
Exploits3References3
BDU FSTEC
BDU FSTEC
added 2026/05/18 12:0 a.m.2 views

The vulnerability of the ngx_http_charset_module module in NGINX Plus and NGINX Open Source web servers allows attackers to compromise the confidentiality and accessibility of protected information.

The vulnerability of the ngxhttpcharsetmodule module in NGINX Plus and NGINX Open Source web servers is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and accessibility of protected information...

4.8CVSS6.3AI score0.00717EPSS
Exploits0References6Affected Software12
BDU FSTEC
BDU FSTEC
added 2026/05/18 12:0 a.m.3 views

The vulnerability of the ngx_http_ssl_module module in NGINX Plus and NGINX Open Source web servers allows attackers to compromise the confidentiality and accessibility of protected information.

The vulnerability of the ngxhttpsslmodule module in NGINX Plus and NGINX Open Source web servers is related to the use of memory after deallocation. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and accessibility of protected information...

4.8CVSS6.1AI score0.00677EPSS
Exploits0References6Affected Software11
BDU FSTEC
BDU FSTEC
added 2026/05/18 12:0 a.m.2 views

The vulnerability of the ngx_quic_module module in NGINX Plus and NGINX Open Source web servers allows a attacker to cause a service failure.

The vulnerability of the ngxquicmodule module in NGINX Plus and NGINX Open Source web servers relates to the bypassing of authentication processes through spoofing. Exploiting this vulnerability can allow a malicious actor to cause service failures...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References6Affected Software12
Rows per page
Query Builder