RockyLinux 10 : nginx (RLSA-2026:19159)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19159 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's...

CVE-2026-9256 vulnerabilities

Vulnerabilities for packages: nginx-mainline, nginx-stable...

GHSA-H78R-86C6-JGP4 vulnerabilities

Vulnerabilities for packages: nginx-mainline, nginx-stable...

CVE-2026-9256 vulnerabilities

Vulnerabilities for packages: nginx-stable, nginx-mainline...

GHSA-H78R-86C6-JGP4 vulnerabilities

Vulnerabilities for packages: nginx-stable, nginx-mainline...

Exploit for CVE-2026-9256

CVE-2026-9...

RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

PT-2026-45945

Name of the Vulnerable Software and Affected Versions Apache HTTP Server affected versions not specified mod http2 versions prior to 2.0.41 Description Apache HTTP Server incorrectly handles certain cookie headers in its HTTP/2 implementation, leading to a denial of service. This issue, known as...

May Linux Patch Wednesday

May Linux Patch Wednesday. A total of 1,638 vulnerabilities 474 in the Linux kernel. For comparison, in April there were 1,035 vulnerabilities a record!. And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...

USN-8354-1: nginx vulnerabilities

It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. CVE-2026-40460 It was discovered that nginx...

USN-8354-1 nginx vulnerabilities

It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. CVE-2026-40460 It was discovered that nginx...

BIT-NGINX-2026-9256 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-5.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

[SECURITY] Fedora 43 Update: nginx-1.30.2-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-18.fc43

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-10.fc43

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

[SECURITY] Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-10.fc43

NGINX module for Brotli compression...

[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-11.fc43

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-10.fc43

Nginx virtual host traffic status module...