177 matches found
uWSGI PHP Plugin Local File Inclusion
uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, making it susceptible to local file inclusion. id: CVE-2018-7490 info: name: uWSGI PHP Plugin Local File Inclusion author: madrobot severity: high description: uWSGI PHP Plugin before 2.0.17...
Astra Linux – Vulnerability in Apache2
An HTTP response smuggling vulnerability exists in the Apache HTTP Server via modproxyuwsgi. This issue affects the Apache HTTP Server: from version 2.4.30 through 2.4.55. Special characters in the origin response header can cause the response forwarded to the client to be truncated or split...
SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2370-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2370-1 advisory. This update for nginx fixes the following issues - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a...
Security update for nginx
This update for nginx fixes the following issues CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415...
SUSE-SU-2026:2370-1 Security update for nginx
This update for nginx fixes the following issues - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. -...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerabilities (USN-8354-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8354-1 advisory. It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker coul...
USN-8354-1: nginx vulnerabilities
It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. CVE-2026-40460 It was discovered that nginx...
openSUSE 16 Security Update : nginx (openSUSE-SU-2026:20796-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20796-1 advisory. This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is...
MGASA-2026-0156 Updated nginx packages fix security vulnerabilities
NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...
Updated nginx packages fix security vulnerabilities
NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...
SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2050-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2050-1 advisory. This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the...
Security update for nginx
This update for nginx fixes the following issues CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. CVE-2026-40701: heap...
SUSE-SU-2026:2050-1 Security update for nginx
This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. - CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. - CVE-2026-40701: heap...
OPENSUSE-SU-2026:20796-1 Security update for nginx
This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. - CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. - CVE-2026-40701: heap...
CVE-2026-42946
A flaw was found in the ngxhttpscgimodule and ngxhttpuwsgimodule modules of NGINX. When scgipass or uwsgipass is configured, an unauthenticated attacker able to intercept and modify network traffic via a Man-In-The-Middle MITM attack and control the responses from an upstream server may be able t...
FreeBSD : nginx-devel -- multiple vulnerabilities (1ed77d8e-53bb-11f1-b339-3497f65b111b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ed77d8e-53bb-11f1-b339-3497f65b111b advisory. The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2...
NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
...
BIT-NGINX-GATEWAY-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...
BIT-NGINX-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...
SUSE CVE-2026-42946
A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...