Lucene search
K

168 matches found

EUVD
EUVD
added 2026/03/24 3:30 p.m.5 views

EUVD-2026-14885

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 3:30 p.m.2 views

EUVD-2026-14887

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 3:16 p.m.3 views

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

8.5CVSS0.00918EPSS
Exploits0References19
OSV
OSV
added 2026/03/24 3:16 p.m.4 views

DEBIAN-CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.6AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 3:16 p.m.6 views

ALPINE-CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 3:16 p.m.8 views

ALPINE-CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 3:16 p.m.4 views

DEBIAN-CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.4AI score0.00921EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 3:16 p.m.15 views

CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS0.00921EPSS
Exploits0References19
OSV
OSV
added 2026/03/24 3:16 p.m.4 views

UBUNTU-CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/24 3:16 p.m.5 views

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

8.5CVSS5.9AI score0.00918EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/24 3:16 p.m.8 views

CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/24 3:16 p.m.7 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS5.8AI score0.21621EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 3:16 p.m.4 views

UBUNTU-CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References5
OSV
OSV
added 2026/03/24 3:16 p.m.3 views

UBUNTU-CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.4AI score0.00133EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 3:16 p.m.9 views

UBUNTU-CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

8.5CVSS9.2AI score0.00918EPSS
Exploits0References5
OSV
OSV
added 2026/03/24 3:16 p.m.4 views

UBUNTU-CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.6AI score0.00264EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/24 2:13 p.m.26 views

CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/03/24 2:13 p.m.4 views

CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.4AI score0.00921EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/24 2:13 p.m.47 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 2:13 p.m.5 views

CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder