Lucene search
+L

97 matches found

NVD
NVD
added 2026/07/10 9:16 p.m.14 views

CVE-2026-55233

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...

7.5CVSS0.00343EPSS
Exploits0References2
CVE
CVE
added 2026/07/10 7:59 p.m.13 views

CVE-2026-55233

OpenResty vulnerable versions: 1.29.2.1–1.29.2.4. A PROXY protocol v2 header construction in the stream patch can cause an out-of-bounds write, crashing the worker and causing a denial of service. This affects only configurations that enable PROXY protocol v2 for upstream connections. The issue i...

7.5CVSS6.1AI score0.00343EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/10 7:59 p.m.32 views

CVE-2026-55233 OpenResty: Buffer overflow when writing PROXY protocol v2 header to upstream

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...

7.5CVSS0.00343EPSS
Exploits0References2
OSV
OSV
added 2026/07/10 7:59 p.m.3 views

CVE-2026-55233 OpenResty: Buffer overflow when writing PROXY protocol v2 header to upstream

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...

7.5CVSS6.1AI score0.00343EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.12 views

PT-2026-57280

Name of the Vulnerable Software and Affected Versions OpenResty versions 1.29.2.1 through 1.29.2.4 Description An out-of-bounds write occurs in the upstream PROXY protocol v2 implementation. When the platform is configured to send PROXY protocol version 2 headers to upstream servers, the process ...

7.5CVSS6AI score0.00343EPSS
Exploits0References7
NVD
NVD
added 2026/06/26 5:16 p.m.10 views

CVE-2026-45406

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 4:22 p.m.35 views

CVE-2026-45406 Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 4:22 p.m.10 views

EUVD-2026-39803

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS6.1AI score0.00274EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 4:22 p.m.26 views

CVE-2026-45406

Technical details are not publicly available in the provided documents; monitor for updates.

9CVSS6.1AI score0.00274EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/26 4:22 p.m.4 views

CVE-2026-45406 Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS6.2AI score0.00274EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:22 p.m.8 views

CVE-2026-45406

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS6.1AI score0.00274EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52851

Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.2 Description The openresty-vhosts plugin copies files from an application's openresty/http-includes/ git repository directory to the host. The plugin then interpolates these filenames, without escaping, into a...

9CVSS6.1AI score0.00274EPSS
Exploits0References5
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2026/05/21 8:0 p.m.10 views

[R1] Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities

R1 Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities Jason Schavel Thu, 05/21/2026 - 16:00 Sensor Proxy leverages third-party software to help provide underlying functionality. Several of the third-party components openresty, openresty - nginx were found to contain vulnerabilities, and...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/15 1:4 p.m.128 views

Exploit for CVE-2026-42945

NGINX CVE-2026-42945 Local Checker This repository provides t...

9.2CVSS6AI score0.61469EPSS
Exploits40
GithubExploit
GithubExploit
added 2026/05/11 4:19 a.m.129 views

choreo-waf-poc

waf-poc — Choreo CP WAF Bake-Off OpenResty Three-way WAF ev...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-23851

Malware in sbrugna...

5.3CVSS5.2AI score0.01313EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-4066

Malware in sbrugna...

7.5CVSS7.4AI score0.02599EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-31190

Malicious code in bioql PyPI...

7.7CVSS7.4AI score0.00721EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-33452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. CVE-2024-3345...

7.7CVSS7.3AI score0.00721EPSS
Exploits1References2
OSV
OSV
added 2025/06/24 2:52 p.m.11 views

BIT-OPENRESTY-2024-33452

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...

7.7CVSS7.1AI score0.00721EPSS
Exploits1References4
Rows per page
Query Builder