Lucene search
K

178 matches found

OSV
OSV
added 2026/05/15 8:50 a.m.9 views

BIT-NGINX-2026-42934 NGINX ngx_http_charset_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

6.3CVSS6.1AI score0.00717EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 8:50 a.m.11 views

BIT-NGINX-GATEWAY-2026-40701 NGINX ngx_http_ssl_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpsslmodule module when the sslverifyclient directive is set to "on" or "optional," and the sslocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...

6.3CVSS6AI score0.00677EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 8:50 a.m.7 views

BIT-NGINX-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/05/15 12:0 a.m.3 views

The vulnerability of the ngx_http_rewrite_module module in NGINX Plus and NGINX Open Source web servers allows a perpetrator to execute arbitrary code.

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.1CVSS6.6AI score0.61469EPSS
Exploits40References8Affected Software12
EUVD
EUVD
added 2026/05/13 6:30 p.m.12 views

EUVD-2026-29974

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.15 views

CVE-2026-42934

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

6.3CVSS0.00717EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 4:16 p.m.7 views

ALPINE-CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/13 2:12 p.m.9 views

CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/13 2:12 p.m.12 views

CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/13 2:12 p.m.9 views

CVE-2026-42934

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

6.3CVSS5.9AI score0.00717EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/13 2:12 p.m.12 views

CVE-2026-40701

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpsslmodule module when the sslverifyclient directive is set to "on" or "optional," and the sslocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...

6.3CVSS6AI score0.00677EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/05/13 12:25 p.m.28 views

K000161019: NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the "rewrite" directive with a query string is followed in the same location by the "if" or "set" directive with an unnamed Perl-Compatible Regula...

9.2CVSS6.6AI score0.61469EPSS
Exploits40Affected Software9
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

F5 NGINX Plus和F5 NGINX Open Source 资源管理错误漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

6.3CVSS6AI score0.00677EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

9.2CVSS6.3AI score0.61469EPSS
Exploits40References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40648

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description When configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address. This can lead to the bypass of...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References41
Redos
Redos
added 2026/05/12 12:0 a.m.10 views

ROS-20260512-73-0005

A vulnerability in the ngxhttpdavmodule module of the NGINX Plus and NGINX Open Source HTTP server is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

8.8CVSS6.1AI score0.21621EPSS
Exploits0
Redos
Redos
added 2026/05/05 12:0 a.m.8 views

ROS-20260505-73-0074

A vulnerability in the ngxstreamsslmodule module of the NGINX Plus and NGINX Open Source HTTP server is related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote intruder to bypass security restrictions and gain unauthorized access to protected...

5.4CVSS5.8AI score0.00133EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nginx (UTSA-2026-014284)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014284 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to th...

8.5CVSS9.1AI score0.00918EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nginx (UTSA-2026-014290)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014290 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker...

8.8CVSS5.8AI score0.21621EPSS
Exploits0References4
Rows per page
Query Builder