Lucene search
K

846 matches found

Rockylinux
Rockylinux
added 2026/04/07 12:1 a.m.11 views

nginx:1.24 security update

An update is available for module.nginx, nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

8.2CVSS6AI score0.00339EPSS
Exploits0
OSV
OSV
added 2026/04/07 12:1 a.m.9 views

RLSA-2026:5581 Moderate: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 For more details about the security issues,...

5.9CVSS6AI score0.00339EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/06 5:59 p.m.18 views

@nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

Impact What kind of vulnerability is it? Who is impacted? SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and \n as field delimiters and \n\n as...

6.3CVSS6.1AI score0.00234EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/06 5:59 p.m.3 views

GHSA-36XV-JGW5-4Q75 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

Impact What kind of vulnerability is it? Who is impacted? SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and \n as field delimiters and \n\n as...

6.3CVSS6.1AI score0.00234EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.4 views

PT-2026-30760

Name of the Vulnerable Software and Affected Versions Nest versions prior to 11.1.18 Description The SseStream. transform function interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters r, . Because the SSE protocol use...

6.3CVSS6.1AI score0.00234EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/04/02 7:42 a.m.7 views

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...

8.2CVSS6AI score0.00339EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.12 views

RHEL 9 : nginx:1.24 (RHSA-2026:6302)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6302 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.7 views

RHEL 9 : nginx (RHSA-2026:6408)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6408 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.17 views

RHEL 10 : nginx (RHSA-2026:6311)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6311 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.4 views

RHEL 9 : nginx:1.26 (RHSA-2026:6427)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6427 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.3 views

RHEL 9 : nginx:1.24 (RHSA-2026:6407)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6407 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/01 10:57 p.m.6 views

Moderate: Red Hat Security Advisory: nginx:1.24 security update

An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/01 10:57 p.m.3 views

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...

8.2CVSS6AI score0.00339EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/01 8:24 p.m.6 views

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...

8.2CVSS5.8AI score0.00339EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/01 8:24 p.m.12 views

Moderate: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.2CVSS5.9AI score0.00339EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/01 2:29 a.m.3 views

Moderate: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/01 2:29 a.m.3 views

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...

8.2CVSS6AI score0.00339EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29497

Name of the Vulnerable Software and Affected Versions xmldom versions 0.6.0 and prior, and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9 Description The xmldom library contains a flaw where attacker-controlled strings including the CDATA terminator can be inserted into a CDATASection node...

7.5CVSS5.8AI score0.00472EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2026/03/31 10:5 p.m.9 views

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...

8.2CVSS6AI score0.00339EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/31 10:5 p.m.4 views

Moderate: Red Hat Security Advisory: nginx:1.24 security update

An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References2
Rows per page
Query Builder