6 matches found
CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement strin...
Linux Distros Unpatched Vulnerability : CVE-2021-42717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web serve...
Mageia: Security Advisory (MGASA-2024-0286)
The remote host is missing an update for the ...
Internet Bug Bounty: CVE-2024-7347: Buffer overread in the ngx_http_mp4_module
CVE-2024-7347 was a vulnerability in the ngx_http_mp4_module of NGINX Open Source and NGINX Plus. The vulnerability could have allowed an attacker to over-read NGINX worker memory, resulting in its termination, using a specially crafted MP4 file. The issue only affected NGINX if it was built with th...
Internet Bug Bounty: CVE-2024-31079 in nginx
CVE-2024-31079 was discovered in the NGINX HTTP/3 QUIC module. When NGINX Plus or NGINX OSS were configured to use this module, undisclosed HTTP/3 requests could cause NGINX worker processes to terminate or experience other potential impact. The vulnerability was classified as a stack-based buffe...
CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worke...