Lucene search
K

662 matches found

CVE
CVE
added 4 days ago9 views

CVE-2026-41880

CVE-2026-41880: R-SOFT DMS OCR module is vulnerable to OS Command Injection via unsanitized user-controllable file paths passed to the system shell through SSH. An authenticated attacker triggering OCR on an uploaded file can execute commands as root. The issue is mitigated by fixes in v3.19-2862...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/07 9:54 a.m.5 views

perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.12 views

AlmaLinux 9 : nginx:1.24 (ALSA-2026:28212)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28212 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the AlmaLinux...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References3
OSV
OSV
added 2026/06/19 12:0 a.m.7 views

UBUNTU-CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3modulemodule...

9.2CVSS6.1AI score0.03225EPSS
Exploits3References4
EUVD
EUVD
added 2026/06/09 7:14 a.m.17 views

EUVD-2026-35365

Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability...

6.4CVSS5.4AI score0.00133EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47667

Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

6.3CVSS5.5AI score0.00067EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.16 views

TencentOS Server 4: nginx (TSSA-2026:0398)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0398 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.2CVSS6.5AI score0.04261EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41967

Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability...

5.9CVSS5.4AI score0.00078EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/27 3:12 a.m.24 views

CVE-2026-48962

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...

7.8CVSS6.2AI score0.00292EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44095

A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/05/25 12:0 a.m.6 views

The vulnerability of the ngx_http_rewrite_module module in NGINX Plus and NGINX Open Source web servers allows a attacker to execute arbitrary code or cause service interruptions.

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...

8.1CVSS6.3AI score0.04261EPSS
Exploits3References10Affected Software12
OSV
OSV
added 2026/05/22 1:18 p.m.10 views

OESA-2026-2405 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a...

9.2CVSS6.6AI score0.61469EPSS
Exploits40References2
BDU FSTEC
BDU FSTEC
added 2026/05/18 12:0 a.m.7 views

The vulnerability of the ngx_quic_module module in NGINX Plus and NGINX Open Source web servers allows a attacker to cause a service failure.

The vulnerability of the ngxquicmodule module in NGINX Plus and NGINX Open Source web servers relates to the bypassing of authentication processes through spoofing. Exploiting this vulnerability can allow a malicious actor to cause service failures...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References6Affected Software12
BDU FSTEC
BDU FSTEC
added 2026/05/18 12:0 a.m.6 views

The vulnerability of the ngx_http_charset_module module in NGINX Plus and NGINX Open Source web servers allows attackers to compromise the confidentiality and accessibility of protected information.

The vulnerability of the ngxhttpcharsetmodule module in NGINX Plus and NGINX Open Source web servers is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and accessibility of protected information...

4.8CVSS6.3AI score0.00717EPSS
Exploits0References6Affected Software12
Microsoft CVE
Microsoft CVE
added 2026/05/16 8:4 a.m.14 views

NGINX ngx_http_ssl_module vulnerability

...

6.3CVSS6AI score0.00677EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/16 8:4 a.m.16 views

NGINX ngx_quic_module vulnerability

...

6.9CVSS5.8AI score0.00367EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.10 views

CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS5.8AI score0.00932EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/11 7:5 p.m.19 views

CVE-2026-34059

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

8.2CVSS5.8AI score0.00394EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Debian dla-4577 : p7zip-rar - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4577 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4577-1 [email protected] https://www.debian.org/lts/security/...

7.5CVSS7.2AI score0.00635EPSS
Exploits1References4
CVE
CVE
added 2026/05/10 8:15 p.m.26 views

CVE-2026-45191

Net::CIDR::Lite (Perl) is affected in versions before 0.24. The flaw is in CIDR mask handling: extraneous zero characters in masks are not properly validated, causing /00 and /01 (and other zero-padded forms) to pass validation and be parsed to the same prefix as the unpadded value, potentially a...

6.5CVSS5.8AI score0.003EPSS
Exploits0References3
Rows per page
Query Builder