Lucene search
+L

624 matches found

amazon
amazon
added 2026/07/08 12:0 a.m.6 views

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and...

9.2CVSS6.3AI score0.03552EPSS
Exploits1
nvd
nvd
added 2026/07/07 9:17 p.m.9 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

7.1CVSS0.00221EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/07 7:47 p.m.42 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS0.00221EPSS
Exploits0References2
euvd
euvd
added 2026/07/07 7:47 p.m.5 views

EUVD-2026-42083

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score0.00221EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/07/07 7:47 p.m.6 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score0.00221EPSS
Exploits0References2
osv
osv
added 2026/07/06 6:25 a.m.4 views

OESA-2026-2801 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References3
osv
osv
added 2026/07/06 6:25 a.m.5 views

OESA-2026-2800 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References3
osv
osv
added 2026/07/06 6:25 a.m.4 views

OESA-2026-2799 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References3
osv
osv
added 2026/07/06 6:25 a.m.5 views

OESA-2026-2798 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References3
redhat
redhat
added 2026/06/30 2:42 p.m.8 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00316EPSS
Exploits0References6
redhat
redhat
added 2026/06/30 1:11 p.m.5 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00316EPSS
Exploits0References6
redhat
redhat
added 2026/06/30 11:22 a.m.4 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00316EPSS
Exploits0References6
redhat
redhat
added 2026/06/30 7:8 a.m.5 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00316EPSS
Exploits0References6
redhat
redhat
added 2026/06/29 10:57 p.m.7 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00316EPSS
Exploits0References6
redhat
redhat
added 2026/06/25 9:7 p.m.2 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.1CVSS6.2AI score0.00316EPSS
Exploits0References6
nessus
nessus
added 2026/06/23 12:0 a.m.74 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerabilities (USN-8458-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8458-1 advisory. It was discovered that nginx incorrectly handled large headers when proxying HTTP/2 traffic. A remote attacker could use...

9.2CVSS6.5AI score0.03552EPSS
Exploits1References3
ubuntu
ubuntu
added 2026/06/22 1:28 p.m.8 views

USN-8458-1: nginx vulnerabilities

It was discovered that nginx incorrectly handled large headers when proxying HTTP/2 traffic. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the...

9.2CVSS6.2AI score0.03552EPSS
Exploits1
osv
osv
added 2026/06/22 1:28 p.m.5 views

USN-8458-1 nginx vulnerabilities

It was discovered that nginx incorrectly handled large headers when proxying HTTP/2 traffic. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the...

9.2CVSS6.2AI score0.03552EPSS
Exploits1References3
osv
osv
added 2026/06/22 5:47 a.m.3 views

BIT-NGINX-GATEWAY-2026-48142 NGINX ngx_http_charset_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS6AI score0.00398EPSS
Exploits0References2
osv
osv
added 2026/06/22 5:47 a.m.3 views

BIT-NGINX-2026-48142 NGINX ngx_http_charset_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS6AI score0.00398EPSS
Exploits0References2
Rows per page
Query Builder