BIT-NGINX-GATEWAY-2026-42934 NGINX ngx_http_charset_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

BIT-NGINX-2026-42945 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

BIT-NGINX-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

BIT-NGINX-GATEWAY-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

BIT-NGINX-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Exploit for CVE-2026-42945

nginx-rift-detect Behavioral detection script for CVE-2026-...

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

EUVD-2025-209875

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

Exploit for CVE-2026-42945

CVE-2026-42945 — NGINX Rewrite Module Heap Buffer Overflow → R...

CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

nginx-rift-private-lab

NGINX Rift RCE Proof of concept for CVE-2026-42945, a cri...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in HUAWEI HarmonyOS, which stems from issues with the permission control of the...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in HUAWEI HarmonyOS, which stems from issues with the permission control of the...

DHTMLX Diagram 路径遍历漏洞

DHTMLX Diagram is a JavaScript chart component developed by DHTMLX Corporation that supports interactive organizational charts, flowcharts, mind maps, and other chart types. Versions of DHTMLX Diagram prior to 1.1.1 had a path traversal vulnerability. This vulnerability stemmed from path traversa...

Trog::TOTP 安全特征问题漏洞

Trog::TOTP is a Perl module developed by TEODESIAN’s individual developers, which supports time-based one-time password generation and two-factor authentication. Versions of Trog::TOTP prior to 1.006 contained security vulnerabilities. These vulnerabilities stemmed from the use of the built-in Pe...

Crypt::DSA 安全特征问题漏洞

Crypt::DSA is a Perl cryptography module developed by TIMLEGGE’s individual developers, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to version 1.20 had security vulnerabilities. These vulnerabilities stemmed from the use of the Perl...

Crypt::DSA 安全漏洞

Crypt::DSA is a Perl cryptography module developed by TIMLEGGE’s individual developers, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to 1.19 contained security vulnerabilities; these vulnerabilities stemmed from the use of the 2-args open...

PT-2026-41292

Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

PT-2026-41283

Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

PT-2026-41290

Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...