12418 matches found
CVE-2026-5674
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...
CVE-2026-60065
When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...
EUVD-2026-44697
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpslicemodule module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX...
CVE-2026-60005
NGINX Plus and NGINX Open Source are affected by a vulnerability in the ngx_http_slice_module. When the slice directive and unnamed regex captures are configured, or during a background cache update, unauthenticated remote attackers can trigger uninitialized memory access in the worker process, p...
CVE-2026-56434
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...
CVE-2026-56434 NGINX ngx_http_ssi_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...
EUVD-2026-44684
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...
EUVD-2026-44685
When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...
CVE-2026-60065 NGINX Plus ngx_stream_mqtt_filter_module vulnerability
When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...
CVE-2026-60065
CVE-2026-60065 affects NGINX Plus when the MQTT filter module (ngx_stream_mqtt_filter_module) is enabled. Unauthenticated attackers can send crafted requests to trigger a heap buffer over-read in an NGINX worker process, potentially causing a restart. Impact is limited to data-plane availability ...
CVE-2026-56434
Summary: CVE-2026-56434 affects the nginx ngx_http_ssi_module in NGINX Plus and NGINX Open Source when SSI, proxy_pass, and proxy_buffering are configured off. An unauthenticated attacker with MITM control over upstream responses can trigger a heap buffer over-read in the nginx worker process, po...
K000162101: NGINX Plus ngx_stream_mqtt_filter_module vulnerability CVE-2026-60065
Security Advisory Description When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker...
K000162100: NGINX ngx_http_slice_module vulnerability CVE-2026-60005
Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpslicemodule module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause...
K000162098: NGINX ngx_http_ssi_module vulnerability CVE-2026-56434
Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass , and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker wi...
PT-2026-60206
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A flaw exists in the ngx http slice module module, which is enabled via the --with-http slice module configuration parameter...
PT-2026-60184
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A use-after-free issue exists in the ngx http ssi module module. This occurs when Server-Side Includes SSI, proxy pass, and proxy bufferin...
CVE-2026-62655
A security flaw was found in certain NETGEAR Orbi models that could allow an unauthorized user to cause the device to stop responding or restart unexpectedly, disrupting network connectivity and making the device temporarily unavailable...
2026-07 Cumulative Update for Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5099540)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
CVE-2026-10573
The vulnerability CVE-2026-10573 affects the 1734 POINT I/O module. The issue arises from improper handling of crafted CIP messages, which can cause the module to enter a faulted state. Exploitation leads to a denial-of-service condition, with the module requiring a restart to recover. Connected ...
CVE-2026-33799
An Out-of-bounds Write vulnerability in the SNMP daemon snmpd of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd proces...