Lucene search
K

178 matches found

UbuntuCve
UbuntuCve
added 2026/03/24 3:16 p.m.9 views

CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 3:16 p.m.4 views

UBUNTU-CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/24 3:16 p.m.7 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS5.8AI score0.21621EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/24 3:16 p.m.6 views

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

8.5CVSS5.9AI score0.00918EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 3:16 p.m.3 views

UBUNTU-CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.4AI score0.00133EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 3:16 p.m.4 views

UBUNTU-CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.6AI score0.00264EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/24 2:13 p.m.26 views

CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/03/24 2:13 p.m.4 views

CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.4AI score0.00921EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/03/24 2:13 p.m.2 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS6.1AI score0.21621EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/03/24 2:13 p.m.3 views

CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.9AI score0.00133EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/24 2:13 p.m.47 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/24 2:13 p.m.65 views

CVE-2026-27654 NGINX ngx_http_dav_module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS0.21621EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 2:13 p.m.5 views

CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/24 2:13 p.m.22 views

CVE-2026-32647 NGINX ngx_http_mp4_module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

8.5CVSS0.00918EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/03/24 1:10 p.m.20 views

K000160366: NGINX ngx_http_mp4_module vulnerability CVE-2026-32647

Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially craft...

8.5CVSS6.1AI score0.00918EPSS
Exploits0Affected Software2
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.12 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.12 views

F5 NGINX Plus和F5 NGINX Open Source 注入漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.12 views

F5 NGINX Plus和F5 NGINX Open Source 缓冲区错误漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both NGINX Open Source and NGINX Plus...

8.5CVSS7.8AI score0.00918EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27430

Name of the Vulnerable Software and Affected Versions NGINX Open Source and NGINX Plus affected versions not specified Description NGINX Open Source and NGINX Plus are affected by a buffer overflow in the ngx http dav module module. Exploitation of this issue may allow a remote attacker to cause ...

8.8CVSS7.6AI score0.21621EPSS
Exploits0References111
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27432

Name of the Vulnerable Software and Affected Versions NGINX Plus and NGINX Open Source affected versions not specified Description The software contains a flaw in the ngx mail smtp module module related to how it processes Carriage Return Line Feed CRLF sequences within DNS responses. An attacker...

8.5CVSS5.8AI score0.00918EPSS
Exploits0References45
Rows per page
Query Builder