Lucene search
K

180 matches found

OSV
OSV
•added 2026/05/26 1:55 a.m.•17 views

MGASA-2026-0156 Updated nginx packages fix security vulnerabilities

NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...

9.2CVSS5.8AI score0.61469EPSS
Exploits41References3
Mageia
Mageia
•added 2026/05/26 1:55 a.m.•22 views

Updated nginx packages fix security vulnerabilities

NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...

9.2CVSS6AI score0.61469EPSS
Exploits41References2
Amazon
Amazon
•added 2026/05/26 12:0 a.m.•22 views

Important: nginx

Issue Overview: When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are...

9.2CVSS6.3AI score0.61469EPSS
Exploits41
Amazon
Amazon
•added 2026/05/26 12:0 a.m.•17 views

Important: nginx

Issue Overview: When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are...

9.2CVSS6.5AI score0.61469EPSS
Exploits41
Tenable Nessus
Tenable Nessus
•added 2026/05/26 12:0 a.m.•19 views

nginx 0.6.27 < 1.30.1 ngx_http_rewrite_module Heap Buffer Overflow

According to its Server response header, the installed version of nginx is 0.6.27 prior to 1.30.1. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive i...

9.2CVSS6.8AI score0.61469EPSS
Exploits40References3
Tenable Nessus
Tenable Nessus
•added 2026/05/26 12:0 a.m.•22 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2050-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2050-1 advisory. This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the...

9.2CVSS9AI score0.61469EPSS
Exploits40References19
Tenable Nessus
Tenable Nessus
•added 2026/05/26 12:0 a.m.•12 views

FreeBSD : nginx -- heap buffer overflow in ngx_http_rewrite_module (36a3131d-5600-11f1-b339-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 36a3131d-5600-11f1-b339-3497f65b111b advisory. The nginx developers report: A heap memory buffer overflow might occur in a worker process when using a...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References3
SUSE Linux
SUSE Linux
•added 2026/05/25 1:58 p.m.•23 views

Security update for nginx

This update for nginx fixes the following issues CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. CVE-2026-40701: heap...

8.6CVSS7.6AI score0.61469EPSS
Exploits40References24
OSV
OSV
•added 2026/05/25 1:58 p.m.•11 views

SUSE-SU-2026:2050-1 Security update for nginx

This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. - CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. - CVE-2026-40701: heap...

9.2CVSS7.6AI score0.61469EPSS
Exploits40References13
OSV
OSV
•added 2026/05/25 12:31 p.m.•7 views

CLSA-2026-1779712300 Fix CVE(s): CVE-2026-9256

SECURITY UPDATE: heap buffer overflow in ngxhttprewritemodule with overlapping captures - debian/patches/CVE-2026-9256.patch: fix heap buffer overflow in ngxhttpscriptregexstartcode when a rewrite replacement string with no variables has overlapping captures, by moving the per-capture length...

9.2CVSS6AI score0.04261EPSS
Exploits3References1
OSV
OSV
•added 2026/05/25 7:42 a.m.•7 views

OPENSUSE-SU-2026:20796-1 Security update for nginx

This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. - CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. - CVE-2026-40701: heap...

9.2CVSS7.6AI score0.61469EPSS
Exploits40References12
GithubExploit
GithubExploit
•added 2026/05/25 1:35 a.m.•114 views

Exploit for CVE-2026-42945

CVE-2026-42945 - ngxhttprewritemodule module. This vulnerab...

9.2CVSS6.4AI score0.61469EPSS
Exploits40
BDU FSTEC
BDU FSTEC
•added 2026/05/25 12:0 a.m.•4 views

The vulnerability of the ngx_http_rewrite_module module in NGINX Plus and NGINX Open Source web servers allows a attacker to execute arbitrary code or cause service interruptions.

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...

8.1CVSS6.3AI score0.04261EPSS
Exploits3References10Affected Software12
GithubExploit
GithubExploit
•added 2026/05/23 3:21 p.m.•100 views

Exploit for CVE-2026-42945

CVE-2026-42945 - Critical NGINX RCE CVSS 9.2 Classifi...

9.2CVSS6.3AI score0.61469EPSS
Exploits40
SUSE CVE
SUSE CVE
•added 2026/05/23 1:30 a.m.•30 views

SUSE CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

8.1CVSS6.2AI score0.04261EPSS
Exploits3References11
GithubExploit
GithubExploit
•added 2026/05/22 6:23 p.m.•123 views

Exploit for CVE-2026-42945

NGINX Rift — CVE-2026-42945 RCE proof-of-concept for CVE-20...

9.2CVSS6.8AI score0.61469EPSS
Exploits40
OSV
OSV
•added 2026/05/22 3:16 p.m.•12 views

ALPINE-CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References1
NVD
NVD
•added 2026/05/22 3:16 p.m.•15 views

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS0.04261EPSS
Exploits3References13
OSV
OSV
•added 2026/05/22 3:16 p.m.•9 views

UBUNTU-CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References6
CVE
CVE
•added 2026/05/22 2:11 p.m.•303 views

CVE-2026-9256

NGINX Plus and NGINX Open Source expose a vulnerability in the ngx_http_rewrite_module when a rewrite directive uses distinct, overlapping PCRE captures (e.g., ^/((.*))$) and the replacement references multiple captures (e.g., $1$2) in redirects or arguments. An unauthenticated attacker can send ...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References13Affected Software2
Rows per page
Query Builder