BIT-NGINX-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

Security feature bypass

A security feature bypass vulnerability exists in the PowerShellGet V2 module. An attacker who successfully exploited this vulnerability could bypass WDAC Windows Defender Application Control policy and execute arbitrary code on a policy locked-down machine. An attacker must have administrator...

CVE-2020-16886

PowerShellGet 2.2+ module WDAC security feature bypass (CVE-2020-16886) affects Windows where WDAC policy allows the PowerShellGet V2 module to run. An attacker with administrator privileges can configure a policy to install the module from the PowerShell Gallery; once installed, a PowerShell scr...

DEBIAN-CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngxhttpv2module not compiled by default if the 'http2' option of the 'listen' directive is used in a configuration file...