Lucene search
+L

68 matches found

FreeBSD
FreeBSD
added 2026/05/14 12:0 a.m.23 views

www/nginx -- Remote Code Execution/DoS

nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...

9.2CVSS6.1AI score0.61469EPSS
Exploits41
EUVD
EUVD
added 2026/05/13 6:30 p.m.17 views

EUVD-2026-30011

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS5.8AI score0.00932EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.14 views

CVE-2026-42946

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS0.00932EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 4:16 p.m.1 views

CVE-2026-42946

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

7.4CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/13 4:16 p.m.9 views

ALPINE-CVE-2026-42946

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

7.4CVSS6AI score0.00932EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/13 2:12 p.m.25 views

CVE-2026-42946

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS5.8AI score0.00932EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.16 views

CVE-2026-42946

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS5.8AI score0.00932EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 2:12 p.m.57 views

CVE-2026-42946

A vulnerability CVE-2026-42946 affects the NGINX ngx_http_scgi_module and ngx_http_uwsgi_module. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with MITM control over upstream responses may trigger excessive memory allocation or an out-of-bounds read in the NGINX worker, ...

8.3CVSS5.8AI score0.00932EPSS
Exploits0References1Affected Software7
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.43 views

CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS0.00932EPSS
Exploits0References1
Nginx
Nginx
added 2026/05/13 2:12 p.m.46 views

Buffer overread in the ngx_http_scgi_module and ngx_http_uwsgi_module

Buffer overread in the ngxhttpscgimodule and ngxhttpuwsgimodule Severity: medium CVE-2026-42946 Not vulnerable: 1.31.0+, 1.30.1+ Vulnerable: 0.8.42-1.30.0...

8.3CVSS5.8AI score0.00932EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/13 2:12 p.m.9 views

CVE-2026-42946

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS6AI score0.00932EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/05/13 1:11 p.m.19 views

K000161027: NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability CVE-2026-42946

Security Advisory Description A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control...

8.3CVSS6.2AI score0.00932EPSS
Exploits0Affected Software9
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40682

Name of the Vulnerable Software and Affected Versions NGINX affected versions not specified Description An issue in the ngx http scgi module and ngx http uwsgi module modules can lead to excessive memory allocation or an over-read of data. When scgi pass or uwsgi pass is configured, an...

8.3CVSS6AI score0.00932EPSS
Exploits0References65
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

8.3CVSS6AI score0.00932EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2026/05/13 12:0 a.m.25 views

nginx-devel -- multiple vulnerabilities

The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2 proxying, rewrite handling, SCGI/uWSGI response handling, charset conversion, HTTP/3 connection migration, and OCSP resolver response processing...

9.2CVSS6AI score0.61469EPSS
Exploits41References2
vulnersOsv
vulnersOsv
added 2024/12/12 2:46 p.m.5 views

@agent_z/egg (>=1.0.0 <=1.0.2), @ccci/micro-server (>=1.0.57 <=1.0.132) +16 more potentially affected by CVE-2024-21548 via bun (>=0.0.2 <=1.1.3)

bun NPM version =0.0.2, =1.0.0, =1.0.57, =1.0.0, =0.0.0, =0.0.2, =0.0.3, =0.0.2, =0.0.3, =0.2.0, =0.0.55, =0.1.0, =0.1.1 and more Source cves: CVE-2024-21548 Source advisory: SNYK:JS-BUN-8499549...

7.7CVSS5.8AI score0.00647EPSS
Exploits0
NVD
NVD
added 2024/12/02 4:15 p.m.20 views

CVE-2024-53459

Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting XSS via the /scgi?sid parameter...

5.4CVSS0.00303EPSS
Exploits1References1
OSV
OSV
added 2024/12/02 4:15 p.m.3 views

CVE-2024-53459

Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting XSS via the /scgi?sid parameter...

5.4CVSS5.8AI score0.00303EPSS
Exploits1References1
CVE
CVE
added 2024/12/02 12:0 a.m.58 views

CVE-2024-53459

Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. This CVE (CVE-2024-53459) is documented across multiple sources (NVD, Red Hat, CNVD, CVE listing, etc.) with no explicit exploit details or mitigation guidance provided in the connected records. The v...

5.4CVSS5.8AI score0.00303EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/02 12:0 a.m.12 views

CVE-2024-53459

Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting XSS via the /scgi?sid parameter...

6AI score0.00303EPSS
Exploits1References1
Rows per page
Query Builder