SUSE CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

OESA-2026-2407 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a...

TencentOS Server 3: nginx:1.24 (TSSA-2026:0338)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0338 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

PT-2026-42148

Summary The BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object inherits from the proxy via Object.create, the property assignment...

CLSA-2026-1779126860 nginx: Fix of CVE-2026-42945

CVE-2026-42945: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures...

SUSE CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

CVE-2026-42945

CVE-2026-42945 affects NGINX Open Source and NGINX Plus via the ngx_http_rewrite_module when a rewrite/if/set directive is followed by a PCRE capture and a replacement containing a question mark. This can cause a heap buffer overflow in the worker process and, on systems with ASLR disabled, poten...

CLSA-2026-1777454193 pcre2: Fix of 2 CVEs

CVE-2022-1586: fix out-of-bounds read in JIT compilexclassmatchingpath - CVE-2022-41409: diagnose negative repeat value in pcre2test...

CLSA-2026-1777454082 pcre2: Fix of 2 CVEs

CVE-2022-1586: fix out-of-bounds read in JIT compilexclassmatchingpath - CVE-2022-41409: diagnose negative repeat value in pcre2test...

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

OSV-2026-145 Heap-buffer-overflow in pcre2_compile_32

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=478301105 Crash type: Heap-buffer-overflow WRITE 4 Crash state: pcre2compile32 pcre2fuzzsupport.c...

MiracleLinux 8 : pcre-8.42-6.el8 (AXSA:2021-2716:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2716:01 advisory. pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 CVE-2019-20838 pcre: Integer overflow when parsi...

MiracleLinux 8 : php:7.3 (AXSA:2020-779:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-779:01 advisory. php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer over-read in exifreaddata CVE-2019-11040 php:...

MiracleLinux 9 : pcre2-10.37-5.el9 (AXSA:2022-3985:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3985:02 advisory. pcre2: Out-of-bounds read in compilexclassmatchingpath in pcre2jitcompile.c CVE-2022-1586 pcre2: Out-of-bounds read in getrecursedatalength in...

MiracleLinux 8 : pcre2-10.32-3.el8 (AXSA:2022-3702:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3702:01 advisory. pcre2: Out-of-bounds read in compilexclassmatchingpath in pcre2jitcompile.c CVE-2022-1586 Tenable has extracted the preceding description block directly from...

MiracleLinux 7 : grep-2.20-2.el7 (AXSA:2015-669:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-669:01 advisory. The GNU versions of commonly used grep utilities. Grep searches through textual input for lines which contain a match to a specified pattern and then prints t...