Lucene search
+L

430 matches found

SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2026-42533

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS6.3AI score0.0083EPSS
Exploits1References3
NVD
NVD
added 4 days ago6 views

CVE-2026-59762

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote,...

8.7CVSS0.00328EPSS
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-42533

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS0.0083EPSS
Exploits1References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-44697

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpslicemodule module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX...

8.8CVSS6.1AI score0.0061EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-60065 NGINX Plus ngx_stream_mqtt_filter_module vulnerability

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS0.00265EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-44685

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS6.2AI score0.00265EPSS
Exploits0References1
CVE
CVE
added 4 days ago19 views

CVE-2026-60065

CVE-2026-60065 affects NGINX Plus when the MQTT filter module (ngx_stream_mqtt_filter_module) is enabled. Unauthenticated attackers can send crafted requests to trigger a heap buffer over-read in an NGINX worker process, potentially causing a restart. Impact is limited to data-plane availability ...

6.3CVSS6.2AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 4 days ago7 views

CVE-2026-56434 NGINX ngx_http_ssi_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS6.1AI score0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-42533 NGINX Map directive and Regex matching vulnerability

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS0.0083EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 4 days ago6 views

CVE-2026-42533

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS6.4AI score0.0083EPSS
Exploits1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-44683

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS6.4AI score0.0083EPSS
Exploits1References1
CVE
CVE
added 4 days ago71 views

CVE-2026-59762

CVE-2026-59762 affects BIG-IP’s TMM when an HTTP/2 profile is configured on a virtual server. Affected: HTTP/2 profile handling can cause undisclosed requests to increase memory resource utilization, leading to degraded system performance and potential DoS. This is a remote, unauthenticated data-...

8.7CVSS6.1AI score0.00328EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-44679

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote,...

8.7CVSS6.1AI score0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-59762 BIG-IP HTTP/2 vulnerability

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote,...

8.7CVSS0.00328EPSS
Exploits0References1
F5 Networks
F5 Networks
added 4 days ago8 views

K000162101: NGINX Plus ngx_stream_mqtt_filter_module vulnerability CVE-2026-60065

Security Advisory Description When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker...

6.3CVSS5.7AI score0.00265EPSS
Exploits0Affected Software5
F5 Networks
F5 Networks
added 4 days ago11 views

K000162231: BIG-IP HTTP/2 vulnerability CVE-2026-59762

Security Advisory Description When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2026-59762 Impact System performance can degrade until the TMM process is either forced to restart or is manually restarted. This...

8.7CVSS6AI score0.00328EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
added 4 days ago10 views

K000162098: NGINX ngx_http_ssi_module vulnerability CVE-2026-56434

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass , and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker wi...

8.3CVSS5.6AI score0.00387EPSS
Exploits0Affected Software7
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-60185

Name of the Vulnerable Software and Affected Versions F5 BIG-IP affected versions not specified Description When an HTTP/2 profile is configured on a virtual server, specific undisclosed requests can lead to increased memory resource utilization. This data plane issue allows a remote,...

8.7CVSS5.2AI score0.00328EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-ENVOY-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...

5.9CVSS6.2AI score0.00579EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52895

Name of the Vulnerable Software and Affected Versions Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down....

5.9CVSS5.8AI score0.00579EPSS
Exploits1References22
Rows per page
Query Builder