Lucene search
K

178 matches found

Nuclei
Nuclei
added yesterday37 views

uWSGI PHP Plugin Local File Inclusion

uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, making it susceptible to local file inclusion. id: CVE-2018-7490 info: name: uWSGI PHP Plugin Local File Inclusion author: madrobot severity: high description: uWSGI PHP Plugin before 2.0.17...

7.5CVSS7AI score0.69907EPSS
Exploits5References5
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2370-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2370-1 advisory. This update for nginx fixes the following issues - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a...

9.2CVSS9AI score0.61469EPSS
Exploits43References22
SUSE Linux
SUSE Linux
added 2026/06/11 1:23 p.m.9 views

Security update for nginx

This update for nginx fixes the following issues CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415...

9.2CVSS8.2AI score0.61469EPSS
Exploits43References28
OSV
OSV
added 2026/06/11 1:23 p.m.5 views

SUSE-SU-2026:2370-1 Security update for nginx

This update for nginx fixes the following issues - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. -...

9.2CVSS6.3AI score0.61469EPSS
Exploits43References15
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.120 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerabilities (USN-8354-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8354-1 advisory. It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker coul...

9.2CVSS6.6AI score0.04261EPSS
Exploits3References6
Ubuntu
Ubuntu
added 2026/06/01 1:52 p.m.41 views

USN-8354-1: nginx vulnerabilities

It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. CVE-2026-40460 It was discovered that nginx...

9.2CVSS6.2AI score0.04261EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.21 views

openSUSE 16 Security Update : nginx (openSUSE-SU-2026:20796-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20796-1 advisory. This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is...

9.2CVSS9AI score0.61469EPSS
Exploits40References18
Mageia
Mageia
added 2026/05/26 1:55 a.m.22 views

Updated nginx packages fix security vulnerabilities

NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...

9.2CVSS6AI score0.61469EPSS
Exploits41References2
OSV
OSV
added 2026/05/26 1:55 a.m.17 views

MGASA-2026-0156 Updated nginx packages fix security vulnerabilities

NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...

9.2CVSS5.8AI score0.61469EPSS
Exploits41References3
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.23 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2050-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2050-1 advisory. This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the...

9.2CVSS9AI score0.61469EPSS
Exploits40References19
SUSE Linux
SUSE Linux
added 2026/05/25 1:58 p.m.23 views

Security update for nginx

This update for nginx fixes the following issues CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. CVE-2026-40701: heap...

8.6CVSS7.6AI score0.61469EPSS
Exploits40References24
OSV
OSV
added 2026/05/25 1:58 p.m.11 views

SUSE-SU-2026:2050-1 Security update for nginx

This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. - CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. - CVE-2026-40701: heap...

9.2CVSS7.6AI score0.61469EPSS
Exploits40References13
OSV
OSV
added 2026/05/25 7:42 a.m.8 views

OPENSUSE-SU-2026:20796-1 Security update for nginx

This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. - CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. - CVE-2026-40701: heap...

9.2CVSS7.6AI score0.61469EPSS
Exploits40References12
RedhatCVE
RedhatCVE
added 2026/05/20 10:3 p.m.15 views

CVE-2026-42946

A flaw was found in the ngxhttpscgimodule and ngxhttpuwsgimodule modules of NGINX. When scgipass or uwsgipass is configured, an unauthenticated attacker able to intercept and modify network traffic via a Man-In-The-Middle MITM attack and control the responses from an upstream server may be able t...

8.3CVSS5.8AI score0.00932EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Apache2

An HTTP response smuggling vulnerability exists in the Apache HTTP Server via modproxyuwsgi. This issue affects the Apache HTTP Server: from version 2.4.30 through 2.4.55. Special characters in the origin response header can cause the response forwarded to the client to be truncated or split...

7.5CVSS7.4AI score0.02134EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.11 views

FreeBSD : nginx-devel -- multiple vulnerabilities (1ed77d8e-53bb-11f1-b339-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ed77d8e-53bb-11f1-b339-3497f65b111b advisory. The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2...

9.2CVSS6AI score0.61469EPSS
Exploits41References9
BDU FSTEC
BDU FSTEC
added 2026/05/18 12:0 a.m.4 views

The vulnerabilities of the ngx_http_scgi_module and ngx_http_uwsgi_module modules in NGINX Plus and NGINX Open Source web servers allow a attacker to perform a “man-in-the-middle” attack.

The vulnerability of the ngxhttpscgimodule and ngxhttpuwsgimodule modules in NGINX Plus and NGINX Open Source web servers is related to uncontrolled memory consumption. Exploiting this vulnerability can allow a remote attacker to perform a “man-in-the-middle” attack...

6.5CVSS6.1AI score0.00932EPSS
Exploits0References6Affected Software11
Microsoft CVE
Microsoft CVE
added 2026/05/16 8:5 a.m.16 views

NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

...

8.3CVSS6AI score0.00932EPSS
Exploits0
OSV
OSV
added 2026/05/15 8:50 a.m.7 views

BIT-NGINX-GATEWAY-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS6AI score0.00932EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 8:50 a.m.5 views

BIT-NGINX-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS6AI score0.00932EPSS
Exploits0References2
Rows per page
Query Builder