Lucene search
+L

6573 matches found

RedhatCVE
RedhatCVE
added yesterday9 views

CVE-2026-42533

A flaw was found in NGINX. An unauthenticated attacker can exploit this vulnerability by sending specially crafted HTTP requests when the map directive uses regular expression regex matching and references regex capture variables before referencing the map output variable. This can lead to a heap...

9.2CVSS7.8AI score0.0083EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday44 views

WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure

Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...

5.3CVSS5.1AI score0.00659EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday40 views

Nginx UI < 2.3.3 - Information Disclosure

Nginx UI 2.3.3 contains an information disclosure vulnerability caused by unauthenticated access to /api/backup endpoint exposing encryption keys in X-Backup-Security header, letting unauthenticated attackers download and decrypt full system backups. id: CVE-2026-27944 info: name: Nginx UI 2.3.3 ...

9.8CVSS7.5AI score0.22162EPSS
Exploits13References3
Nuclei
Nuclei
added yesterday25 views

Nginx UI - Broken Access Control

Network attackers can fully control nginx service, including config modification and service restart, leading to complete service takeover. id: CVE-2026-33032 info: name: Nginx UI - Broken Access Control author: DhiyaneshDk severity: critical description: | Network attackers can fully control ngi...

9.8CVSS8.6AI score0.38477EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday88 views

Discourse Backup File Disclosure Via Default Nginx Configuration

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

7.5CVSS7.3AI score0.25431EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added yesterday6 views

nginx-1.31.3-1.1 on GA media (moderate)

nginx-1.31.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:11295-1 Rating: moderate Cross-References: CVE-2026-42533 CVE-2026-56434 CVE-2026-60005 CVSS scores: CVE-2026-42533 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-42533 SUSE : 9.2...

9.2CVSS7.6AI score0.0083EPSS
Exploits1
Nuclei
Nuclei
added 2 days ago414 views

Ingress-Nginx Controller - Remote Code Execution

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

9.8CVSS7.8AI score0.99098EPSS
Exploits20References5
Nuclei
Nuclei
added 2 days ago46 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8CVSS7.2AI score0.34677EPSS
Exploits7References3
Nuclei
Nuclei
added 2 days ago30 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS7.2AI score0.31809EPSS
Exploits8References3
OSV
OSV
added 2 days ago4 views

OPENSUSE-SU-2026:11295-1 nginx-1.31.3-1.1 on GA media

These are all security issues fixed in the nginx-1.31.3-1.1 package on the GA media of openSUSE Tumbleweed...

9.2CVSS5.2AI score0.0083EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2 days ago13 views

The vulnerability of the NGINX Plus and NGINX Open Source HTTP-server directives allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability of the NGINX Plus and NGINX Open Source HTTP-server directives is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by sending a specially crafted HTTP request...

8.1CVSS6.3AI score0.0083EPSS
Exploits1References4Affected Software7
Nuclei
Nuclei
added 3 days ago47 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

8.8CVSS6.9AI score0.83066EPSS
Exploits7References3
Nuclei
Nuclei
added 3 days ago86 views

Xiaomi Mi WiFi R3G Routers - Local file Inclusion

Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. id: CVE-2019-18371...

7.5CVSS7AI score0.55872EPSS
Exploits2References5
OSV
OSV
added 3 days ago5 views

UBUNTU-CVE-2026-60005

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpslicemodule module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX...

8.8CVSS6.1AI score0.0061EPSS
Exploits0References3
OSV
OSV
added 3 days ago6 views

UBUNTU-CVE-2026-42533

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS6.4AI score0.0083EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-42533

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture...

9.2CVSS6.4AI score0.0083EPSS
Exploits1References2
OSV
OSV
added 3 days ago5 views

UBUNTU-CVE-2026-56434

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS6.1AI score0.00387EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-56434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass,...

8.3CVSS5.5AI score0.00387EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-60005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpslicemodule module. When the slice directive and unnamed regex captures are configured or wh...

8.8CVSS5.4AI score0.0061EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-60065

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS0.00265EPSS
Exploits0References1
Rows per page
Query Builder