Lucene search
K

5 matches found

OSV
OSV
added 2026/06/01 9:16 a.m.7 views

PYSEC-2026-171

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

5.9CVSS5.9AI score0.00265EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.6 views

AlmaLinux 8 : nginx:1.24 (ALSA-2026:5581)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:5581 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.15 views

AlmaLinux 9 : nginx:1.26 (ALSA-2026:4235)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:4235 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/03/10 12:0 a.m.7 views

ALSA-2026:4235 Moderate: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 For more details about the security issues,...

8.2CVSS5.8AI score0.00339EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.3 views

RockyLinux 9 : nginx:1.24 (RLSA-2026:3638)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:3638 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References3
Rows per page
Query Builder