Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6256 matches found

Tenable Nessus
Tenable Nessusadded 2024/06/08 12:0 a.m.31 views

Fedora 40 : nginx (2024-06e6dcbb42)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-06e6dcbb42 advisory. Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on...

6.5CVSS6.5AI score0.00917EPSS
Exploits0References5
OSV
OSVadded 2024/06/06 7:16 p.m.15 views

CVE-2024-3149

A Server-Side Request Forgery SSRF vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...

8.8CVSS6.9AI score
Exploits0References2
NVD
NVDadded 2024/06/06 7:16 p.m.30 views

CVE-2024-3149

A Server-Side Request Forgery SSRF vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...

9.6CVSS0.00519EPSS
Exploits1References2
Cvelist
Cvelistadded 2024/06/06 6:43 p.m.31 views

CVE-2024-3149 SSRF in mintplex-labs/anything-llm

A Server-Side Request Forgery SSRF vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...

9.6CVSS0.00519EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2024/06/06 6:43 p.m.16 views

CVE-2024-3149 SSRF in mintplex-labs/anything-llm

A Server-Side Request Forgery SSRF vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...

9.6CVSS7AI score0.00519EPSS
Exploits1References2
BDU FSTEC
BDU FSTECadded 2024/06/05 12:0 a.m.4 views

The vulnerability of the HTTP/3 QUIC module (ngx_http_v3_module) in NGINX Plus and NGINX OSS web servers allows a attacker to cause a service failure.

The vulnerability of the HTTP/3 QUIC module ngxhttpv3module in NGINX Plus and NGINX OSS relates to the assignment of the zero pointer. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted HTTP/3 requests...

7.8CVSS6.6AI score0.00917EPSS
Exploits0References7Affected Software3
BDU FSTEC
BDU FSTECadded 2024/06/05 12:0 a.m.3 views

The vulnerability of the HTTP/3 QUIC module (ngx_http_v3_module) in NGINX Plus and NGINX OSS web servers allows a attacker to cause a service failure.

The vulnerability of the HTTP/3 QUIC module ngxhttpv3module in NGINX Plus and NGINX OSS servers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted HTTP/3 requests...

7.8CVSS7.1AI score0.00848EPSS
Exploits0References7Affected Software3
BDU FSTEC
BDU FSTECadded 2024/06/05 12:0 a.m.2 views

The vulnerability of the HTTP/3 QUIC module (ngx_http_v3_module) in NGINX Plus and NGINX OSS web servers allows a attacker to cause a service failure.

The vulnerability of the HTTP/3 QUIC module ngxhttpv3module in NGINX Plus and NGINX OSS servers is related to buffer overflow in the stack. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted HTTP/3 requests...

6.5CVSS6.9AI score0.00872EPSS
Exploits0References7Affected Software3
OSV
OSVadded 2024/06/04 9:50 a.m.27 views

BIT-NGINX-2024-24989 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.5AI score0.01061EPSS
Exploits0References3
OSV
OSVadded 2024/06/04 9:50 a.m.45 views

BIT-NGINX-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.5AI score0.00914EPSS
Exploits0References3
OSV
OSVadded 2024/06/04 9:50 a.m.21 views

BIT-NGINX-2024-31079 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...

4.8CVSS5.1AI score0.00872EPSS
Exploits0References5
OSV
OSVadded 2024/06/04 9:49 a.m.33 views

BIT-NGINX-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

6.5CVSS6.5AI score0.00848EPSS
Exploits0References5
OSV
OSVadded 2024/06/04 9:49 a.m.23 views

BIT-NGINX-2024-34161 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

5.3CVSS5.3AI score0.00867EPSS
Exploits0References5
OSV
OSVadded 2024/06/04 9:49 a.m.21 views

BIT-NGINX-2024-35200 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...

5.3CVSS5.4AI score0.00917EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2024/06/03 12:0 a.m.32 views

RHEL 8 : 1.14_nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 Not...

7.7CVSS7.8AI score0.52838EPSS
Exploits10References1
Tenable Nessus
Tenable Nessusadded 2024/06/03 12:0 a.m.23 views

RHEL 9 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nginx: memory leak in IPv4 Off Handler CVE-2022-3638 Note that Nessus has not tested for this issue but has instead...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2024/06/03 12:0 a.m.21 views

RHEL 8 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nginx: memory leak in IPv4 Off Handler CVE-2022-3638 Note that Nessus has not tested for this issue but has instead...

6.4AI score
Exploits0References1
SUSE CVE
SUSE CVEadded 2024/05/31 3:14 a.m.3 views

SUSE CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

5.3CVSS8.4AI score0.00867EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2024/05/31 3:14 a.m.2 views

SUSE CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...

5.3CVSS8.5AI score0.00917EPSS
Exploits0References3
OpenVAS
OpenVASadded 2024/05/31 12:0 a.m.39 views

Nginx 1.25.0 - 1.26.0 Multiple HTTP/3 Vulnerabilities

Nginx is prone to multiple HTTP/3 vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx"; ifdescription...

6.5CVSS7.2AI score0.00917EPSS
Exploits0References5
Rows per page
Query Builder