nginx: ngx_http_rewrite_module: code execution and denial of service
A flaw was found in the ngx_http_rewrite_module module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures and a replacement string that references multiple such captures in a redirect or arguments context, an...
Important: Red Hat Security Advisory: nginx:1.24 security update
An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
nginx:1.24 security update
An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. nginx is a web and proxy server supporting HTTP and other...
CVE-2026-55249
@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...
CVE-2026-54555
CVE-2026-54555 affects rtk prior to 0.42.2. The issue lies in the permission splitter, which failed to conservatively split or reject shell constructs Bash treats as command boundaries or nested execution. Consequently, a command starting with an allowed prefix (e.g., git) could conceal a second,...
EUVD-2026-38571
@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...
CVE-2026-55249
The CVE-2026-55249 entry concerns @rtk-ai/rtk-rewrite, an OpenClaw plugin that rewrites shell commands via execSync using a template string. The root cause is attacker-controlled input injected directly into the shell-backed template without proper escaping; JSON.stringify wraps the value in quot...
PT-2026-51583
Name of the Vulnerable Software and Affected Versions: rtk versions prior to 0.42.2. Description: A flaw in the permission splitter logic fails to conservatively split or reject certain Bash shell constructs that create command-execution boundaries or nested execution. This improper input validation...
CVE-2026-54911 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps, ujson.dump and ujson.encode have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...
UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
Summary: ujson.dumps, ujson.dump and ujson.encode have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity...
Astra Linux – Vulnerability in Tomcat9
Apache Tomcat has a Relative Path Traversal vulnerability. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This created the possibility that, for rewrite rules that modify query parameters into the URL, an attacker could manipulate the...
Astra Linux – Vulnerability in Apache2
A potential vulnerability in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Astra Linux – Vulnerability in SQLite3
SQLite 3.30.1 improperly handles certain parser-tree rewrites, related to files expr.c, vdbeaux.c, and window.c. This issue is caused by incorrect error handling in the sqlite3WindowRewrite function...
Exploit for CVE-2026-42945
CVE-2026-42945 — NGINX Rift Critical heap buffer overflow in...
Exploit for CVE-2026-42945
CVE-2026-42945 NGINX Rift RCE PoC with Reverse Shell Remote...
SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2370-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2370-1 advisory. This update for nginx fixes the following issues: CVE-2026-9256: heap buffer overflow in the ngx_http_rewrite_module when using a...
SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2307-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2307-1 advisory. This update for nginx fixes the following issue: CVE-2026-9256: heap buffer overflow in the ngx_http_rewrite_module when using a configuration...
Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
Summary: Budibase stores external REST datasource credentials server-side and documents that database credentials are applied server-side and are not exposed in the UI. The REST datasource implementation redacts stored Basic/Bearer/OAuth2 auth secrets before returning datasource data to clients...