19468 matches found
CVE-2026-42926
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...
ALPINE-CVE-2026-42926
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...
ALPINE-CVE-2026-40460
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
neo-pocs
neo-pocs Containerized proof-of-concept packages for reviewed...
CVE-2026-42926
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-42926
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-42926
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-40460
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40701
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpsslmodule module when the sslverifyclient directive is set to "on" or "optional," and the sslocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...
K000161131: NGINX ngx_http_proxy_v2_module vulnerability CVE-2026-42926
Security Advisory Description When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody , an attacker may be able to inject frame headers and payload bytes to the upstream peer. CVE-2026-42926 Impact This vulnerability allows a remot...
K000161019: NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945
Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the "rewrite" directive with a query string is followed in the same location by the "if" or "set" directive with an unnamed Perl-Compatible Regula...
Malicious code in hardhat-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb86c79e7ed3cd429c0f28bc08e00ce020df2ec42fdda086ad8bfca99f259930 package.json declares a postinstall script that base64-decodes the string 'aHR0cDovLzguMjE3Ljc1LjE0NzozMDAwL3BheWxvYWQ=' to the URL...
MAL-2026-3715 Malicious code in solc-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2016baa4fe29c296464b8381f88440457a113d79e2773d2252eb609a15ea2e03 package.json's postinstall lifecycle script runs node -e to base64-decode a hidden URL and pipe its contents to bash: curl -s...
Malicious code in web3-core-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f9612aaab12b9656a1f1b5fbd7684fdcd57833bbf76d14b2a243f679cb0977 package.json declares a lifecycle hook that invokes require'childprocess' and execSync with a curl command at install time. This pattern fetches remo...
Malicious code in @design-system-coopeuch/web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...
angr 9.2.215
angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...
F5 NGINX Open Source 安全漏洞
F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway provided by the F5 company. There is a security vulnerability in F5 NGINX Open Source, which stems from the use of proxysetbody when configuring HTTP/2 traffic. This vulnerability may lead ...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the editor’s ability to overwrite dashboards that it does not own. This could potentially lead to obtaining administrator privileges on specific dashboard...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which arises from using the timeGroup macro, potentially leading to server overload and OOM issues...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from a race condition in Live. This condition may allow authenticated users with the Viewer role to trigger a fatal mapping access error by sending concurrent...