662 matches found
CVE-2026-41880
CVE-2026-41880: R-SOFT DMS OCR module is vulnerable to OS Command Injection via unsanitized user-controllable file paths passed to the system shell through SSH. An authenticated attacker triggering OCR on an uploaded file can execute commands as root. The issue is mitigated by fixes in v3.19-2862...
perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()
A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...
AlmaLinux 9 : nginx:1.24 (ALSA-2026:28212)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28212 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the AlmaLinux...
UBUNTU-CVE-2026-42530
NGINX Open Source has a vulnerability in the ngxhttpv3modulemodule...
EUVD-2026-35365
Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability...
PT-2026-47667
Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity...
TencentOS Server 4: nginx (TSSA-2026:0398)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0398 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2026-41967
Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-48962
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...
PT-2026-44095
A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome...
The vulnerability of the ngx_http_rewrite_module module in NGINX Plus and NGINX Open Source web servers allows a attacker to execute arbitrary code or cause service interruptions.
The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...
OESA-2026-2405 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a...
The vulnerability of the ngx_quic_module module in NGINX Plus and NGINX Open Source web servers allows a attacker to cause a service failure.
The vulnerability of the ngxquicmodule module in NGINX Plus and NGINX Open Source web servers relates to the bypassing of authentication processes through spoofing. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the ngx_http_charset_module module in NGINX Plus and NGINX Open Source web servers allows attackers to compromise the confidentiality and accessibility of protected information.
The vulnerability of the ngxhttpcharsetmodule module in NGINX Plus and NGINX Open Source web servers is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and accessibility of protected information...
NGINX ngx_http_ssl_module vulnerability
...
NGINX ngx_quic_module vulnerability
...
CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...
CVE-2026-34059
A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...
Debian dla-4577 : p7zip-rar - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4577 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4577-1 [email protected] https://www.debian.org/lts/security/...
CVE-2026-45191
Net::CIDR::Lite (Perl) is affected in versions before 0.24. The flaw is in CIDR mask handling: extraneous zero characters in masks are not properly validated, causing /00 and /01 (and other zero-padded forms) to pass validation and be parsed to the same prefix as the unpadded value, potentially a...