110838 matches found
CVE-2026-42406
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 17:54:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlqunhxjd72e |
| 2026-05-14 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/f5-products-multiple-vulnerabilities20260515... |
MAL-2026-3663 Malicious code in chia-network (npm)
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis c7439a1ad4a50c3852597bd31aaf7a3f15c53c2cb9f124b9b350e55517b5f592
The OpenSSF Package Analysis project identified 'chia-network' @ 1.0.0 (npm) as malicious. It is considered malicious because:
- The package...
CVE-2026-42926
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not...
CVE-2026-42934
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...
ALPINE-CVE-2026-42926
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not...
ALPINE-CVE-2026-40460
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2026-8463
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 16:16:19+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mlqpad2kf52e... |
CVE-2026-8369
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 16:12:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlqozhmhzy2k... |
GHSA-429Q-FHH4-R6HJ
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 16:10:29+00:00 | seen | https://gist.github.com/alon710/81762c48278b036a7f34dc62e8a4137d... |
CVE-2026-3425
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 15:56:43+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlqo5e3wo72g |
| 2026-05-18 18:00:47+00:00 | seen | https://bsky.app/profile/donwebmedia.bsky.social/post/3mm5hfskeat2c... |
CVE-2026-6177
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 15:40:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlqnb4s65q2q |
| 2026-05-15 03:50:46+00:00 | seen | https://bsky.app/profile/donwebmedia.bsky.social/post/3mlugiqwy3k2a |
| 2026-05-16 18:32:05+00:00 | seen | ... |
GHSA-J274-39QW-32C9
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 15:40:29+00:00 | seen | https://gist.github.com/alon710/ef3efe37eacc8d375596cddc56ee3bfb... |
neo-pocs
neo-pocs Containerized proof-of-concept packages for reviewed...
CVE-2026-40460
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2026-40701
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...
CVE-2026-45616
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 14:00:05+00:00 | seen | https://t.me/GithubRedTeam/84084 |
| 2026-05-13 21:00:04+00:00 | published-proof-of-concept | Telegram/O41s4ZacceniC-zmRdA20LKtlUfLN8dJaI2Rmc1hsAXigiA... |