Lucene search
K

94 matches found

NVD
NVD
added 4 days ago9 views

CVE-2026-55233

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...

7.5CVSS0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55233 OpenResty: Buffer overflow when writing PROXY protocol v2 header to upstream

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...

7.5CVSS0.00343EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-55233

OpenResty vulnerable versions: 1.29.2.1–1.29.2.4. A PROXY protocol v2 header construction in the stream patch can cause an out-of-bounds write, crashing the worker and causing a denial of service. This affects only configurations that enable PROXY protocol v2 for upstream connections. The issue i...

7.5CVSS6.1AI score0.00343EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-45406

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 4:22 p.m.34 views

CVE-2026-45406 Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 4:22 p.m.8 views

EUVD-2026-39803

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS6.1AI score0.00274EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:22 p.m.7 views

CVE-2026-45406

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS6.1AI score0.00274EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/26 4:22 p.m.24 views

CVE-2026-45406

Technical details are not publicly available in the provided documents; monitor for updates.

9CVSS6.1AI score0.00274EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52851

Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.2 Description The openresty-vhosts plugin copies files from an application's openresty/http-includes/ git repository directory to the host. The plugin then interpolates these filenames, without escaping, into a...

9CVSS6.1AI score0.00274EPSS
Exploits0References5
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2026/05/21 8:0 p.m.10 views

[R1] Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities

R1 Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities Jason Schavel Thu, 05/21/2026 - 16:00 Sensor Proxy leverages third-party software to help provide underlying functionality. Several of the third-party components openresty, openresty - nginx were found to contain vulnerabilities, and...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/15 1:4 p.m.127 views

Exploit for CVE-2026-42945

NGINX CVE-2026-42945 Local Checker This repository provides t...

9.2CVSS6AI score0.61469EPSS
Exploits40
GithubExploit
GithubExploit
added 2026/05/11 4:19 a.m.126 views

choreo-waf-poc

waf-poc — Choreo CP WAF Bake-Off OpenResty Three-way WAF ev...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-23851

Malware in sbrugna...

5.3CVSS5.2AI score0.01313EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-4066

Malware in sbrugna...

7.5CVSS7.4AI score0.02599EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-31190

Malicious code in bioql PyPI...

7.7CVSS7.4AI score0.00721EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-33452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. CVE-2024-3345...

7.7CVSS7.3AI score0.00721EPSS
Exploits1References2
OSV
OSV
added 2025/06/24 2:52 p.m.8 views

BIT-OPENRESTY-2024-33452

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...

7.7CVSS7.1AI score0.00721EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.7 views

TencentOS Server 4: openresty (TSSA-2024:1002)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1002 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.9CVSS7.4AI score0.00556EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:37 p.m.11 views

CVE-2020-36309

ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...

5.3CVSS6.7AI score0.01313EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:25 p.m.9 views

CVE-2020-11724

An issue was discovered in OpenResty before 1.15.8.4. ngxhttpluasubrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...

7.5CVSS7.4AI score0.02599EPSS
Exploits0References1
Rows per page
Query Builder