Lucene search
+L

304 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-56434

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-60005 NGINX ngx_http_slice_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpslicemodule module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX...

8.8CVSS0.0061EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44684

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS6.1AI score0.00387EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44683

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS6.4AI score0.0083EPSS
Exploits0References1
Amazon
Amazon
added 2026/07/08 12:0 a.m.6 views

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and...

9.2CVSS6.3AI score0.03552EPSS
Exploits1
Ubuntu
Ubuntu
added 2026/07/02 12:3 p.m.11 views

USN-8398-4: nginx vulnerability

USN-8398-3 fixed a vulnerability in nginx. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A...

7.5CVSS5.8AI score0.11471EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.13 views

RockyLinux 10 : nginx (RLSA-2026:29874)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:29874 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the RockyLin...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2026/06/25 7:28 p.m.9 views

CVE-2026-42055

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS6.5AI score0.03552EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.12 views

AlmaLinux 9 : nginx (ALSA-2026:28973)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28973 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the AlmaLinux...

9.2CVSS6.4AI score0.04261EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

RHEL 9 : nginx (RHSA-2026:28973)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28973 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

9.2CVSS6.4AI score0.04261EPSS
Exploits3References4
OSV
OSV
added 2026/06/22 5:47 a.m.3 views

BIT-NGINX-GATEWAY-2026-48142 NGINX ngx_http_charset_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS6AI score0.00398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.32 views

nginx 0.3.50 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overread in ngx_http_charset_module

The installed version of nginx is 0.3.50 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both...

6.3CVSS6AI score0.00398EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-42055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

9.2CVSS7.3AI score0.03552EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/19 1:53 a.m.8 views

SUSE CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

8.1CVSS6.5AI score0.03552EPSS
Exploits1References8
OSV
OSV
added 2026/06/15 12:44 p.m.19 views

USN-8398-3 nginx vulnerability

USN-8398-1 fixed a vulnerability in nginx. The update caused a regression and was temporarily reverted in USN-8398-2. This update introduces a complete fix for CVE-2026-49975. We apologize for the inconvenience. Original advisory details: It was discovered that nginx incorrectly handled certain...

7.5CVSS5.4AI score0.11471EPSS
Exploits8References2
Amazon
Amazon
added 2026/06/08 12:0 a.m.13 views

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string...

9.2CVSS6.1AI score0.04261EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.17 views

TencentOS Server 4: nginx (TSSA-2026:0398)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0398 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.2CVSS6.5AI score0.04261EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1773)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1773 advisory. NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-...

9.2CVSS6.1AI score0.04261EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-013 (ALASNGINX1-2026-013)

The version of nginx installed on the remote host is prior to 1.30.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2026-013 advisory. NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.14 views

RockyLinux 10 : nginx (RLSA-2026:19159)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19159 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

9.2CVSS6.1AI score0.61469EPSS
Exploits40References3
Rows per page
Query Builder