105 matches found

OSV
added 2026/05/22 3:16 p.m., 9 views

ALPINE-CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/.$) and a replacement string that references...

CVSS 9.2, AI score 6.2, EPSS 0.014
Exploits: 3, References: 1
OSV
added 2026/05/22 1:18 p.m., 5 views

OESA-2026-2408 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a...

CVSS 9.2, AI score 6.3, EPSS 0.23018
Exploits: 38, References: 2
Positive Technologies
added 2026/05/22 12:0 a.m., 9 views

PT-2026-42776

Name of the Vulnerable Software and Affected Versions: NGINX Plus versions prior to 37.0.1.1; NGINX Plus versions prior to R32 P7; NGINX Plus versions prior to R36 P5; NGINX Open Source versions 0.1.17 through 1.30.1; NGINX Open Source versions prior to 1.31.1. Description: A heap buffer overflow exists...

CVSS 9.2, AI score 6.2, EPSS 0.014
Exploits: 3, References: 88
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in pcre2

An out-of-bounds read vulnerability was discovered in the PCRE2 library, specifically in the pcre2_jit_compile.c file's compile_xclass_matchingpath function. This issue relates to a Unicode property matching problem in JIT-compiled regular expressions. The vulnerability arises because the character is...

CVSS 9.1, AI score 6.8, EPSS 0.02993
Exploits: 0, References: 2
Imperva Blog
added 2026/05/16 1:15 a.m., 15 views

CVE-2026-42945: Imperva Customers Protected Against Critical NGINX Rewrite Module Vulnerability

TL;DR: Researchers recently disclosed CVE-2026-42945, a critical heap-based buffer overflow vulnerability affecting both NGINX Open Source and NGINX Plus. The flaw exists within the ngx_http_rewrite_module component and can allow unauthenticated attackers to trigger denial-of-service conditions and...

CVSS 9.2, AI score 6.5, EPSS 0.23018
Exploits: 38
VulnCheck KEV
added 2026/05/16 12:0 a.m., 68 views

VulnCheck KEV: CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement strin...

CVSS 9.2, AI score 6.4, EPSS 0.23018
In wild, Exploits: 38, References: 2
OSV
added 2026/05/15 8:50 a.m., 4 views

BIT-NGINX-GATEWAY-2026-42945 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement strin...

CVSS 9.2, AI score 6.4, EPSS 0.23018
Exploits: 38, References: 4
Debian CVE
added 2026/05/13 2:12 p.m., 10 views

CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement strin...

CVSS 9.2, AI score 6.4, EPSS 0.23018
Exploits: 38
F5 Networks
added 2026/05/13 12:25 p.m., 25 views

K000161019: NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945

Security Advisory Description: NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the "rewrite" directive with a query string is followed in the same location by the "if" or "set" directive with an unnamed Perl-Compatible Regula...

CVSS 9.2, AI score 6.4, EPSS 0.23018
Exploits: 38, Affected Software: 9
Positive Technologies
added 2026/05/13 12:0 a.m., 8 views

PT-2026-40681

Name of the Vulnerable Software and Affected Versions: NGINX Plus affected versions not specified; NGINX Open Source versions 0.6.27 through 1.30.0. Description: A heap buffer overflow exists in the ngx_http_rewrite_module module of NGINX. The issue occurs when a rewrite directive is followed by a...

CVSS 9.2, AI score 7, EPSS 0.23018
Exploits: 38, References: 435
OSV
added 2026/04/22 8:20 p.m., 4 views

JLSEC-2026-176

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...

CVSS 7.5, AI score 6.3, EPSS 0.0277
Exploits: 0, References: 14
OSV
added 2026/04/22 8:20 p.m., 3 views

JLSEC-2026-177

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a ?C substring...

CVSS 5.3, AI score 5.8, EPSS 0.04182
Exploits: 0, References: 20
Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

MiracleLinux 7 : pcre-8.32-15.el7.1 (AXSA:2016-391:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-391:01 advisory. Perl-compatible regular expression library. PCRE has its own native API, but a set of wrapper functions that are based on the POSIX API are also...

CVSS 9.8, AI score 8.5, EPSS 0.0843
Exploits: 4, References: 9
Fedora
added 2025/10/28 1:30 a.m., 7 views

[SECURITY] Fedora 42 Update: pcre2-10.46-1.fc42

PCRE2 is a re-working of the original PCRE Perl-compatible regular expression library to provide an entirely new API. PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which...

CVSS 9.1, AI score 7, EPSS 0.00668
Exploits: 1
Ubuntu
added 2025/09/25 1:6 p.m., 2 views

USN-7777-1: PCRE2 vulnerability

It was discovered that PCRE2 incorrectly handled the Scan SubString verb. An attacker could possibly use this issue to cause applications using PCRE2 to expose sensitive information...

CVSS 9.1, AI score 5.3, EPSS 0.00668
Exploits: 1
CVE
added 2025/08/27 6:47 p.m., 52 views

CVE-2025-58050

Concrete details confirm CVE-2025-58050 affects PCRE2 10.45, with a heap-buffer-overflow in the regex engine when processing the Scan SubString verb combined with ACCEPT in pcre2_match.c. The issue can cause information disclosure via out-of-bounds reads that may influence final match results. A ...

CVSS 9.1, AI score 6, EPSS 0.00668
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2025/04/10 9:15 p.m., 1 views

UBUNTU-CVE-2025-29918

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability i...

CVSS 6.2, AI score 5.8, EPSS 0.00223
Exploits: 0, References: 2
CNNVD
added 2025/04/10 12:0 a.m., 3 views

Suricata security vulnerability

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata that stems from a PCRE rule issue that could lead to an infinite loop...

CVSS 6.2, AI score 6.1, EPSS 0.00223
Exploits: 0, References: 3
Positive Technologies
added 2024/03/23 12:0 a.m., 2 views

PT-2024-40672 · Pcre2 · Pcre2

Name of the Vulnerable Software and Affected Versions: PCRE2 affected versions not specified. Description: The issue is related to a heap-buffer-overflow read crash. Technical details include a crash type of Heap-buffer-overflow READ 4, with the crash state involving the pcre2_fuzzsupport.c file...

AI score 6.7
Exploits: 0, References: 2
NCSC
added 2023/12/04 12:0 a.m., 3 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in DB2. A malicious party could exploit the vulnerabilities to grant himself elevated privileges, or to cause a denial-of-service by executing a specially prepared query. These updates also include several updates to third-party products to include older...

CVSS 7.5, AI score 7.1, EPSS 0.0109
Exploits: 0