ROS-20260429-73-0040

A vulnerability in the incoming traffic controller in the Kubernetes ingress-nginx cluster is related to flaws in the input validation mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-4de4d247a0)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-4de4d247a0 advisory. nginx-mod-brotli: - Rebuild for 1.28.3 nginx-mod-fancyindex: - Rebuild for 1.28.3 nginx-mod-naxsi: - Rebuild for 1.28.3 nginx-mod-headers-more: -...

CLSA-2026-1777396606 nginx: Fix of CVE-2026-27654

CVE-2026-27654: fix heap buffer overflow in ngxhttpdavmodule COPY/MOVE with alias...

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell Security Lab — nginx + Coraza WAF Mục đích giáo...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : nginx vulnerabilities (USN-8210-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8210-1 advisory. It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use th...

Juniper Junos OS Multiple Vulnerabilities (JSA88135)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88135 advisory. - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer...

USN-8210-1 nginx vulnerabilities

It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. CVE-2026-27651 It was discovered that the nginx ngxhttpdavmodule module incorrectly handled...

PT-2026-36922

Name of the Vulnerable Software and Affected Versions Nginx UI version 2.3.5 Description Nginx UI, a web user interface for the Nginx web server, contains a flaw allowing an unauthenticated bootstrap takeover. This occurs during the initial installation window via the 'POST /api/install' endpoint...

[SECURITY] Fedora 44 Update: nginx-mod-headers-more-0.39-7.fc44

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

[SECURITY] Fedora 44 Update: nginx-1.28.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-15.fc44

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-8.fc44

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-2.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-7.fc44

Nginx virtual host traffic status module...

CLSA-2026-1777022242 nginx: Fix of 2 CVEs

CVE-2026-32647: fix buffer over-read/over-write in ngxhttpmp4module via integer overflow, off-by-one boundary checks, and zero sync sample validation in stss atom - CVE-2026-27651: fix NULL pointer dereference in ngxmailauthhttpmodule when using CRAM-MD5 or APOP authentication with Auth-Wait...

Exploit for Incorrect Authorization in Vercel Next.Js

ALPR Dashboard runtime patches Two drop-in patches for the a...

EUVD-2026-25377

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

EUVD-2026-25376

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...

EUVD-2026-25375

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...

PT-2026-34833

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy section save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the...