Lucene search
K

1326 matches found

Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53741

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An incorrect control flow implementation...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.23 views

Linux Distros Unpatched Vulnerability : CVE-2026-53266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is...

8.8CVSS6AI score0.00129EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:6 a.m.6 views

netfilter: bridge: make ebt_snat ARP rewrite writable

...

8.8CVSS5.8AI score0.00129EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

SUSE SLES16 Security Update : nginx (SUSE-SU-2026:22178-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:22178-1 advisory. This update for nginx fixes the following issue - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuratio...

9.2CVSS6.1AI score0.04261EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.10 views

AlmaLinux 9 : nginx:1.24 (ALSA-2026:28212)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28212 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the AlmaLinux...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES16: apache2 / apache2-devel / apache2-event / apache2-manual / etc (SUSE-SU-2026:22209-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22209-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957...

9.8CVSS7.2AI score0.4581EPSS
Exploits18References34
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

RHEL 10 : nginx (RHSA-2026:29874)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:29874 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References4
Redos
Redos
added 2026/06/26 12:0 a.m.9 views

ROS-20260626-73-0020

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...

9.2CVSS6.3AI score0.04261EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

RockyLinux 10 : nginx (RLSA-2026:29874)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:29874 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the RockyLin...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References3
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5738 Contour has Lua code injection via Cookie Path Rewrite Policy in github.com/projectcontour/contour

Contour has Lua code injection via Cookie Path Rewrite Policy in github.com/projectcontour/contour...

8.1CVSS5.9AI score0.00481EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2026/06/25 12:3 p.m.7 views

nginx:1.26 security update

An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

9.2CVSS6.4AI score0.04261EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2026/06/25 10:49 a.m.3 views

nginx: ngx_http_rewrite_module: code execution and denial of service

A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...

9.2CVSS6.4AI score0.04261EPSS
Exploits3References5
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.48 views

CVE-2026-53266 netfilter: bridge: make ebt_snat ARP rewrite writable

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

8.8CVSS0.00129EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:39 a.m.21 views

CVE-2026-53266

The CVE-2026-53266 entry concerns the Linux kernel netfilter bridge path, where ebt_snat ARP sender hardware address rewrite could be performed on non-writable memory. Root cause: ARP SHA is written via skb_store_bits() relative to skb->data, and skb_header_pointer() only safely reads the ARP ...

8.8CVSS5.7AI score0.00129EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/25 6:47 a.m.4 views

Important: Red Hat Security Advisory: nginx:1.26 security update

An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.2CVSS6.4AI score0.04261EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2026/06/25 6:47 a.m.8 views

nginx: ngx_http_rewrite_module: code execution and denial of service

A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...

9.2CVSS6.6AI score0.04261EPSS
Exploits3References5
OSV
OSV
added 2026/06/25 12:0 a.m.4 views

ALSA-2026:29874 Important: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 For more details about the security issues, including the impac...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

RHEL 9 : nginx:1.26 (RHSA-2026:29151)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:29151 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

9.2CVSS6.4AI score0.04261EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.11 views

AlmaLinux 8 : nginx:1.24 (ALSA-2026:28921)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28921 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the AlmaLinux...

9.2CVSS6.4AI score0.04261EPSS
Exploits3References3
Cvelist
Cvelist
added 2026/06/24 8:55 p.m.57 views

CVE-2026-45687 Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it...

8.5CVSS0.00205EPSS
Exploits0References1
Rows per page
Query Builder