10 matches found

Redos
added 2026/05/05 12:00 a.m. | 3 views

ROS-20260505-73-0074

A vulnerability in the ngx_stream_ssl_module module of the NGINX Plus and NGINX Open Source HTTP server is related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote intruder to bypass security restrictions and gain unauthorized access to protected...

5.4 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits 0

Redos
added 2026/04/29 12:00 a.m. | 2 views

ROS-20260429-73-0042

A vulnerability in the ngx_stream_ssl_module module of the NGINX Plus and NGINX Open Source HTTP server is related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote intruder to bypass security restrictions and gain unauthorized access to protected...

5.4 CVSS | 5.4 AI score | 0.00012 EPSS
Exploits 0

Tenable Nessus
added 2026/04/16 12:00 a.m. | 9 views

nginx 1.27.2 < 1.28.3 / 1.29.x < 1.29.7 OCSP Result Bypass

The installed version of nginx is 1.27.2 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue: NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured wi...

5.4 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits 0 | References 3

OSV
added 2026/03/24 3:16 p.m. | 1 view

DEBIAN-CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4 CVSS | 5.4 AI score | 0.00012 EPSS
Exploits 0 | References 1

CVE
added 2026/03/24 2:13 p.m. | 22 views

CVE-2026-28755

CVE-2026-28755 affects both NGINX Plus and NGINX Open Source via the ngx_stream_ssl_module. The vulnerability arises from improper handling of revoked certificates when ssl_verify_client is enabled and ssl_ocsp is on, causing the TLS handshake to succeed even after an OCSP revocation check ident...

5.4 CVSS | 5.9 AI score | 0.00012 EPSS
Exploits 0 | References 1 | Affected Software 1

F5 Networks
added 2026/03/24 1:32 p.m. | 6 views

K000160368: NGINX ngx_stream_ssl_module vulnerability CVE-2026-28755

Security Advisory Description: NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP...

5.4 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits 0 | Affected Software 2

CNNVD
added 2026/03/24 12:00 a.m. | 3 views

F5 NGINX Plus and F5 NGINX Open Source security vulnerability

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

5.4 CVSS | 5.7 AI score | 0.00012 EPSS
Exploits 0 | References 3

OSSF Malicious Packages
added 2025/11/13 3:23 a.m. | 5 views

Malicious code in stratigraphy-stream-module-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d977c2fcbc1ef3bde1d1344b871cea0952fe5c9401c83122d0b5e68a327e606f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0

BDU FSTEC
added 2025/05/06 12:00 a.m. | 1 view

The vulnerability of the Message Stream module of the XWiki Platform, a platform for creating collaborative web applications. The XWiki Platform allows attackers to gain unauthorized access to protected information.

The vulnerability of the Message Stream module of the XWiki Platform, a platform for creating collaborative web applications, involves the disclosure of information in an unauthorized manner. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected informatio...

5 CVSS | 5.5 AI score | 0.00272 EPSS
Exploits 1 | References 3 | Affected Software 1

CNVD
added 2024/07/18 12:00 a.m. | 8 views

Unspecified Vulnerability in Google Chrome (CNVD-2024-35186)

Google Chrome is a web browser from Google, an American company. Google Chrome has a security vulnerability that stems from a use-after-free issue found in the Media Stream module. No details of the vulnerability are provided at this time...

8.8 CVSS | 6.4 AI score | 0.00409 EPSS
Exploits 1 | References 1