19024 matches found
CVE-2026-6735
A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...
nginx: NGINX: Arbitrary Code Execution Vulnerability
A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...
CVE-2018-25333
CVE-2018-25333 concerns the Nordex N149/4.0-4.5 Wind Turbine Web Server. The vulnerability is an SQL injection in the login flow: attackers can craft POST requests to login.php (no authentication required) to execute arbitrary SQL and potentially bypass login, leaking data. Affected software is N...
EUVD-2018-21857
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...
CVE-2018-25333 Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...
PT-2026-41559
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...
Exploit for Double Free in Apache Http_Server
cve-2026-23918 Defensive audit tools for CVE-2026-23918...
NGINX ngx_http_ssl_module vulnerability
...
NGINX ngx_quic_module vulnerability
...
[SECURITY] Fedora 42 Update: nginx-1.30.1-1.fc42
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 43 Update: nginx-1.30.1-1.fc43
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 44 Update: nginx-1.30.1-1.fc44
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
OESA-2026-2317 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and...
BIT-NGINX-2026-40701 NGINX ngx_http_ssl_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpsslmodule module when the sslverifyclient directive is set to "on" or "optional," and the sslocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...
camel-http: Apache Camel: Information disclosure and authentication bypass in embedded HTTP/management servers
A flaw was found in the Apache Camel embedded HTTP server and embedded management server camel-platform-http-main. When authentication is enabled and a non-root context path is configured, the authentication handler incorrectly matches only the exact configured path, not its subpaths. This allows...
CVE-2026-42559
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...
CVE-2026-41937 Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Upload
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...
CVE-2026-42559 RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...
USN-8271-1: nginx vulnerability
It was discovered that the nginx ngxhttprewritemodule component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code...
CVE-2026-42945
A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...