Lucene search
K

220 matches found

OSV
OSV
added 2026/05/26 9:48 a.m.9 views

CLSA-2026-1779788913 Fix CVE(s): CVE-2026-9256

SECURITY UPDATE: fix heap buffer overflow in ngxhttprewritemodule with overlapping captures - debian/patches/CVE-2026-9256.patch: fix heap buffer overflow in ngxhttprewritemodule with overlapping captures - CVE-2026-9256...

9.2CVSS6AI score0.04261EPSS
Exploits3References1
CloudLinux
CloudLinux
added 2026/05/26 9:21 a.m.12 views

nginx: Fix of CVE-2026-9256

CVE-2026-9256: fix heap buffer overflow with overlapping captures in ngxhttprewritemodule...

9.2CVSS6AI score0.04261EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.12 views

FreeBSD : nginx -- heap buffer overflow in ngx_http_rewrite_module (36a3131d-5600-11f1-b339-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 36a3131d-5600-11f1-b339-3497f65b111b advisory. The nginx developers report: A heap memory buffer overflow might occur in a worker process when using a...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References3
OSV
OSV
added 2026/05/25 12:31 p.m.6 views

CLSA-2026-1779712300 Fix CVE(s): CVE-2026-9256

SECURITY UPDATE: heap buffer overflow in ngxhttprewritemodule with overlapping captures - debian/patches/CVE-2026-9256.patch: fix heap buffer overflow in ngxhttpscriptregexstartcode when a rewrite replacement string with no variables has overlapping captures, by moving the per-capture length...

9.2CVSS6AI score0.04261EPSS
Exploits3References1
SUSE CVE
SUSE CVE
added 2026/05/23 1:30 a.m.30 views

SUSE CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

8.1CVSS6.2AI score0.04261EPSS
Exploits3References11
NVD
NVD
added 2026/05/22 3:16 p.m.15 views

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS0.04261EPSS
Exploits3References13
UbuntuCve
UbuntuCve
added 2026/05/22 3:16 p.m.13 views

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.1AI score0.04261EPSS
Exploits3References3
OSV
OSV
added 2026/05/22 3:16 p.m.8 views

UBUNTU-CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References6
AlpineLinux
AlpineLinux
added 2026/05/22 2:11 p.m.28 views

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3
CVE
CVE
added 2026/05/22 2:11 p.m.289 views

CVE-2026-9256

NGINX Plus and NGINX Open Source expose a vulnerability in the ngx_http_rewrite_module when a rewrite directive uses distinct, overlapping PCRE captures (e.g., ^/((.*))$) and the replacement references multiple captures (e.g., $1$2) in redirects or arguments. An unauthenticated attacker can send ...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References13Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/22 2:11 p.m.11 views

CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References1
EUVD
EUVD
added 2026/05/22 2:11 p.m.16 views

EUVD-2026-31444

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References1
F5 Networks
F5 Networks
added 2026/05/22 1:48 p.m.108 views

K000161377: NGINX ngx_http_rewrite_module vulnerability CVE-2026-9256

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a...

9.2CVSS6.3AI score0.04261EPSS
Exploits3Affected Software9
OSV
OSV
added 2026/05/22 1:18 p.m.9 views

OESA-2026-2407 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References2
FreeBSD
FreeBSD
added 2026/05/22 12:0 a.m.85 views

nginx -- heap buffer overflow in ngx_http_rewrite_module

The nginx developers report: A heap memory buffer overflow might occur in a worker process when using a configuration with overlapping captures in ngxhttprewritemodule, potentially resulting in arbitrary code execution CVE-2026-9256...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

TencentOS Server 3: nginx:1.24 (TSSA-2026:0338)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0338 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

9.2CVSS6.9AI score0.61469EPSS
Exploits40References2
OSV
OSV
added 2026/05/21 12:49 p.m.7 views

CLSA-2026-1779367740 Fix CVE(s): CVE-2026-42945

SECURITY UPDATE: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures - debian/patches/CVE-2026-42945.patch: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures -...

9.2CVSS6.1AI score0.61469EPSS
Exploits40References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Wireshark

A buffer overflow in the C12.22 dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows for denial of service through packet injection or malicious capture files...

7.5CVSS7.1AI score0.05178EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Wireshark

A crash in the DNP dissector in Wireshark versions 3.4.0 to 3.4.6, as well as 3.2.0 to 3.2.14, allows for denial of service through packet injection or malicious capture files...

7.5CVSS7.2AI score0.03296EPSS
Exploits1References2
OSV
OSV
added 2026/05/18 5:54 p.m.8 views

CLSA-2026-1779126860 nginx: Fix of CVE-2026-42945

CVE-2026-42945: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures...

9.2CVSS5.9AI score0.61469EPSS
Exploits40References1
Rows per page
Query Builder