90 matches found
CVE-2026-45406
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...
EUVD-2026-39803
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...
CVE-2026-45406
Technical details are not publicly available in the provided documents; monitor for updates.
CVE-2026-45406 Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...
CVE-2026-45406
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...
[R1] Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities
R1 Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities Jason Schavel Thu, 05/21/2026 - 16:00 Sensor Proxy leverages third-party software to help provide underlying functionality. Several of the third-party components openresty, openresty - nginx were found to contain vulnerabilities, and...
Exploit for CVE-2026-42945
NGINX CVE-2026-42945 Local Checker This repository provides t...
choreo-waf-poc
waf-poc — Choreo CP WAF Bake-Off OpenResty Three-way WAF ev...
EUVD-2020-23851
Malware in sbrugna...
EUVD-2020-4066
Malware in sbrugna...
EUVD-2024-31190
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-33452
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. CVE-2024-3345...
BIT-OPENRESTY-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
TencentOS Server 4: openresty (TSSA-2024:1002)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1002 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2020-36309
ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
CVE-2020-11724
An issue was discovered in OpenResty before 1.15.8.4. ngxhttpluasubrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
DEBIAN-CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
UBUNTU-CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...