40 matches found
[SECURITY] Fedora 43 Update: nginx-1.30.3-1.fc43
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
RLSA-2026:28921 Important: nginx:1.24 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 For more details about the security issues, including the impac...
Important: nginx:1.26 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 For more details about the security issues, including the impac...
ALSA-2026:28921 Important: nginx:1.24 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 For more details about the security issues, including the impac...
SUSE CVE-2026-42530
NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...
Security Bulletin: Multiple vulnerabilities with the Nginx web server used in IBM Aspera Shares 1.9.2 and earlier
Question Security Bulletin: Multiple vulnerabilities with the Nginx web server used in IBM Aspera Shares 1.9.2 and earlier "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform...
ROS-20260609-73-0011
The vulnerability of the ngxhttpcharsetmodule module in NGINX Plus and NGINX Open Source web servers is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and accessibility of the protected...
Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS
TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...
NGINX ngx_http_ssl_module vulnerability
...
NGINX ngx_quic_module vulnerability
...
Important: Red Hat Security Advisory: nginx security update
An update for nginx is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Linux Distros Unpatched Vulnerability : CVE-2026-32647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write ...
K000160336: Out-of-band Security Notification (March 24, 2026)
Security Advisory Description On March 24, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. High CVEs...
Advisory ROSA-SA-2026-3214
software: nginx 1.26.3 WASP: ROSA-CHROME unaffected versions = nginx-1.26.3-1 affected versions nginx-1.26.3-1 CVE-ID: CVE-2025-23419 BDU-ID: 2025-03281 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TLS 1.3 protocol implementation of the NGINX Plus and NGINX Open Source web servers is relate...
EUVD-2024-43404
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-24660
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL- based access control to protected Virtual Hosts by...
FreeBSD : nginx -- worker process memory disclosure (eb03714d-79f0-11f0-b4c1-ac5afc632ba3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb03714d-79f0-11f0-b4c1-ac5afc632ba3 advisory. F5 reports: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might...
The vulnerability of the lua-nginx-module in NGINX web servers, related to inconsistent interpretation of HTTP requests, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the lua-nginx-module in NGINX web servers is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests a type of HTTP Request Smuggling attack...
CVE-2024-13869
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...
EUVD-2025-4422
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...