19024 matches found

RedhatCVE
added 2026/05/18 2:43 p.m. | 11 views

CVE-2026-6735

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

CVSS 8.8 | AI score 6 | EPSS 0.0021
Exploits: 1 | References: 4

RedHat Linux
added 2026/05/18 1:2 p.m. | 24 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

CVSS 9.2 | AI score 6.6 | EPSS 0.61469
Exploits: 39 | References: 6

CVE
added 2026/05/17 12:11 p.m. | 18 views

CVE-2018-25333

CVE-2018-25333 concerns the Nordex N149/4.0-4.5 Wind Turbine Web Server. The vulnerability is an SQL injection in the login flow: attackers can craft POST requests to login.php (no authentication required) to execute arbitrary SQL and potentially bypass login, leaking data. Affected software is N...

CVSS 8.8 | AI score 6.1 | EPSS 0.00343
Exploits: 0 | References: 3

EUVD
added 2026/05/17 12:11 p.m. | 11 views

EUVD-2018-21857

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

CVSS 8.8 | AI score 6.1 | EPSS 0.00343
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/17 12:11 p.m. | 7 views

CVE-2018-25333 Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

CVSS 8.8 | AI score 6.1 | EPSS 0.00343
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/17 12:0 a.m. | 16 views

PT-2026-41559

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

CVSS 8.8 | AI score 6.1 | EPSS 0.00343
Exploits: 0 | References: 4

GithubExploit
added 2026/05/16 9:18 a.m. | 109 views

Exploit for Double Free in Apache Http_Server

cve-2026-23918 Defensive audit tools for CVE-2026-23918...

CVSS 8.8 | AI score 6 | EPSS 0.4581
Exploits: 16

Microsoft CVE
added 2026/05/16 8:4 a.m. | 14 views

NGINX ngx_http_ssl_module vulnerability

...

CVSS 6.3 | AI score 6 | EPSS 0.00677
Exploits: 0

Microsoft CVE
added 2026/05/16 8:4 a.m. | 16 views

NGINX ngx_quic_module vulnerability

...

CVSS 6.9 | AI score 5.8 | EPSS 0.00367
Exploits: 0

Fedora
added 2026/05/15 10:45 p.m. | 16 views

[SECURITY] Fedora 42 Update: nginx-1.30.1-1.fc42

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS 9.2 | AI score 6 | EPSS 0.61469
Exploits: 40

Fedora
added 2026/05/15 9:9 p.m. | 17 views

[SECURITY] Fedora 43 Update: nginx-1.30.1-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS 9.2 | AI score 6 | EPSS 0.61469
Exploits: 40

Fedora
added 2026/05/15 8:58 p.m. | 16 views

[SECURITY] Fedora 44 Update: nginx-1.30.1-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS 9.2 | AI score 6 | EPSS 0.61469
Exploits: 40

OSV
added 2026/05/15 2:1 p.m. | 10 views

OESA-2026-2317 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and...

CVSS 9.8 | AI score 5.8 | EPSS 0.01325
Exploits: 0 | References: 2

OSV
added 2026/05/15 8:50 a.m. | 5 views

BIT-NGINX-2026-40701 NGINX ngx_http_ssl_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...

CVSS 6.3 | AI score 5.8 | EPSS 0.00677
Exploits: 0 | References: 2

RedHat Linux
added 2026/05/14 4:55 p.m. | 10 views

camel-http: Apache Camel: Information disclosure and authentication bypass in embedded HTTP/management servers

A flaw was found in the Apache Camel embedded HTTP server and embedded management server camel-platform-http-main. When authentication is enabled and a non-root context path is configured, the authentication handler incorrectly matches only the exact configured path, not its subpaths. This allows...

CVSS 8.2 | AI score 5.7 | EPSS 0.00622
Exploits: 0 | References: 6

NVD
added 2026/05/14 3:16 p.m. | 18 views

CVE-2026-42559

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamable_http_server/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...

CVSS 8.8 | EPSS 0.00213
Exploits: 0 | References: 5

Cvelist
added 2026/05/14 2:30 p.m. | 38 views

CVE-2026-41937 Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Upload

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

CVSS 8.6 | EPSS 0.00403
Exploits: 0 | References: 3

Cvelist
added 2026/05/14 2:24 p.m. | 40 views

CVE-2026-42559 RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamable_http_server/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...

CVSS 8.8 | EPSS 0.00213
Exploits: 0 | References: 5

Ubuntu
added 2026/05/14 12:3 p.m. | 19 views

USN-8271-1: nginx vulnerability

It was discovered that the nginx ngx_http_rewrite_module component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.2 | AI score 6.2 | EPSS 0.61469
Exploits: 39

RedhatCVE
added 2026/05/14 10:18 a.m. | 11 views

CVE-2026-42945

A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

CVSS 9.2 | AI score 6.4 | EPSS 0.61469
Exploits: 39 | References: 5