Lucene search
K

133 matches found

AlpineLinux
AlpineLinux
added 2026/03/24 2:13 p.m.2 views

CVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it i...

8.5CVSS5.8AI score0.01031EPSS
Exploits0
CVE
CVE
added 2026/03/24 2:13 p.m.52 views

CVE-2026-27784

The CVE-2026-27784 issue affects 32-bit builds of NGINX Open Source that are compiled with the ngx_http_mp4_module and configured to use the mp4 directive. The vulnerability arises in the 32-bit implementation of NGINX Open Source when processing a specially crafted MP4 file via the ngx_http_mp4_...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References19Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 2:13 p.m.5 views

CVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it i...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References2Affected Software1
F5 Networks
F5 Networks
added 2026/03/24 1:46 p.m.12 views

K000160336: Out-of-band Security Notification (March 24, 2026)

Security Advisory Description On March 24, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. High CVEs...

8.8CVSS5.8AI score0.21621EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/03/24 1:5 p.m.11 views

K000160364: NGINX ngx_http_mp4_module vulnerability CVE-2026-27784

Security Advisory Description The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects...

8.5CVSS5.8AI score0.01031EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.12 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.12 views

F5 NGINX Plus和F5 NGINX Open Source 注入漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.4 views

PT-2026-27433

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description The ngx stream ssl module module contains an issue with the improper handling of revoked certificates. When configured with the ssl verify...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References39
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27429

Name of the Vulnerable Software and Affected Versions NGINX Open Source affected versions not specified NGINX Plus affected versions not specified Description When the ngx mail auth http module module is enabled, certain undisclosed requests can lead to the termination of worker processes. This...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References108
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

F5 NGINX Plus和F5 NGINX Open Source 代码问题漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

8.7CVSS5.9AI score0.00921EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.11 views

F5 NGINX Plus和F5 NGINX Open Source 缓冲区错误漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both NGINX Open Source and NGINX Plus...

8.5CVSS7.8AI score0.00918EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.4 views

PT-2026-27430

Name of the Vulnerable Software and Affected Versions NGINX Open Source and NGINX Plus affected versions not specified Description NGINX Open Source and NGINX Plus are affected by a buffer overflow in the ngx http dav module module. Exploitation of this issue may allow a remote attacker to cause ...

8.8CVSS7.6AI score0.21621EPSS
Exploits0References111
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27431

Name of the Vulnerable Software and Affected Versions NGINX Open Source affected versions not specified Description The 32-bit implementation of NGINX Open Source contains an issue within the ngx http mp4 module module. This can allow an attacker to read from or write to NGINX worker memory,...

8.8CVSS5.8AI score0.21621EPSS
Exploits0References94
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27432

Name of the Vulnerable Software and Affected Versions NGINX Plus and NGINX Open Source affected versions not specified Description The software contains a flaw in the ngx mail smtp module module related to how it processes Carriage Return Line Feed CRLF sequences within DNS responses. An attacker...

8.5CVSS5.8AI score0.00918EPSS
Exploits0References45
Redos
Redos
added 2026/02/24 12:0 a.m.8 views

ROS-20260224-73-0002

A vulnerability in the TLS 1.3 protocol implementation of NGINX Plus and NGINX Open Source web servers is related to a flaw in the authentication procedure. Exploitation of the vulnerability may allow an intruder acting remotely to gain unauthorized access to protected information...

5.3CVSS5.3AI score0.02646EPSS
Exploits0
OSV
OSV
added 2026/02/04 3:16 p.m.6 views

ALPINE-CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS5.4AI score0.00339EPSS
Exploits0References1
NVD
NVD
added 2026/02/04 3:16 p.m.8 views

CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS0.00339EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/04 3:2 p.m.12 views

EUVD-2026-5498

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS5.5AI score0.00339EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/02/04 3:2 p.m.14 views

CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS5.5AI score0.00339EPSS
Exploits0
Rows per page
Query Builder