6238 matches found

SUSE CVE
added 2026/03/25 12:26 a.m., 4 views

SUSE CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

CVSS 3.7, AI score 6, EPSS 0.0025
Exploits 0, References 5
Tenable Nessus
added 2026/03/25 12:0 a.m., 8 views

Ingress-NGINX Controller < 1.13.9 / 1.14.x < 1.14.5 / 1.15.x < 1.15.1 Configuration Injection

The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.9, 1.14.5, or 1.15.1. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject...

CVSS 8.8, AI score 6.5, EPSS 0.01494
Exploits 1, References 2
Tenable Nessus
added 2026/03/25 12:0 a.m., 6 views

Oracle Linux 9 : nginx (ELSA-2026-5599)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-5599 advisory. - Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 - Resolves: RHEL-84477 - nginx:...

CVSS 8.2, AI score 6.8, EPSS 0.01069
Exploits 2, References 2
Oracle linux
added 2026/03/25 12:0 a.m., 10 views

nginx security update

1.20.1-24.0.1.el97.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 - Update upstream references Orabug: 36579090 2:1.20.1-24.1 - Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connection...

CVSS 8.2, AI score 6, EPSS 0.00331
Exploits 0
Tenable Nessus
added 2026/03/25 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-28753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allo...

CVSS 6.3, AI score 5.7, EPSS 0.0025
Exploits 0, References 2
Tenable Nessus
added 2026/03/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-27784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGIN...

CVSS 8.5, AI score 5.8, EPSS 0.00285
Exploits 0, References 2
Tenable Nessus
added 2026/03/25 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-27654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX work...

CVSS 8.8, AI score 6.1, EPSS 0.0047
Exploits 0, References 2
OSV
added 2026/03/25 12:0 a.m., 4 views

OPENSUSE-SU-2026:10423-1 nginx-1.29.7-1.1 on GA media

These are all security issues fixed in the nginx-1.29.7-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.8, AI score 5.9, EPSS 0.00481
Exploits 0, References 6
Tenable Nessus
added 2026/03/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-28755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with...

CVSS 5.4, AI score 5.8, EPSS 0.00128
Exploits 0, References 2
Tenable Nessus
added 2026/03/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write ...

CVSS 8.5, AI score 7.8, EPSS 0.00333
Exploits 0, References 2
RedhatCVE
added 2026/03/24 8:51 p.m., 3 views

CVE-2026-27654

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngx_http_dav_module module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

CVSS 8.8, AI score 5.7, EPSS 0.0047
Exploits 0, References 4
RedhatCVE
added 2026/03/24 8:51 p.m., 2 views

CVE-2026-27784

A flaw was found in NGINX Open Source, specifically within the ngx_http_mp4_module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

CVSS 8.5, AI score 5.6, EPSS 0.00285
Exploits 0, References 4
RedhatCVE
added 2026/03/24 8:51 p.m., 1 views

CVE-2026-28755

A flaw was found in NGINX, specifically within its ngx_stream_ssl_module. When NGINX is configured to verify client certificates and use the Online Certificate Status Protocol (OCSP) for revocation checks, it fails to properly enforce the revocation status. This allows a Transport Layer Security (TLS)...

CVSS 5.4, AI score 5.5, EPSS 0.00128
Exploits 0, References 4
EUVD
added 2026/03/24 3:30 p.m., 1 views

EUVD-2026-14887

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

CVSS 5.4, AI score 5.9, EPSS 0.00128
Exploits 0, References 2
EUVD
added 2026/03/24 3:30 p.m., 2 views

EUVD-2026-14885

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

CVSS 6.3, AI score 5.9, EPSS 0.0025
Exploits 0, References 2
EUVD
added 2026/03/24 3:30 p.m., 2 views

EUVD-2026-14883

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it i...

CVSS 8.5, AI score 5.8, EPSS 0.00285
Exploits 0, References 2
EUVD
added 2026/03/24 3:30 p.m., 2 views

EUVD-2026-14881

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

CVSS 8.8, AI score 6.1, EPSS 0.0047
Exploits 0, References 2
EUVD
added 2026/03/24 3:30 p.m., 2 views

EUVD-2026-14897

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

CVSS 8.5, AI score 6.1, EPSS 0.00333
Exploits 0, References 2
NVD
added 2026/03/24 3:16 p.m., 2 views

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

CVSS 8.5, EPSS 0.00333
Exploits 0, References 1
OSV
added 2026/03/24 3:16 p.m., 3 views

DEBIAN-CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

CVSS 8.5, AI score 9.2, EPSS 0.00333
Exploits 0, References 1