#nginx

#cve-2026-42945
from SecurityWeek
2 weeks ago
Information security

PoC Code Published for Critical NGINX Vulnerability

CVE-2026-42945 enables heap buffer overflow in NGINX rewrite module, causing DoS and potential RCE when ASLR is disabled.
from The Hacker News
2 weeks ago
Information security

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

NGINX Rift is a critical ngx_http_rewrite_module heap buffer overflow enabling remote code execution or denial-of-service via crafted requests.
Information security
from The Register
1 week ago

NGINX Rift attackers waste no time targeting exposed servers

An unauthenticated heap buffer overflow in NGINX can crash worker processes and, under rare conditions, enable code execution, with active exploitation observed days after disclosure.
Information security
from SecurityWeek
1 week ago

Exploitation of Critical NGINX Vulnerability Begins

CVE-2026-42945 enables remote heap buffer overflow exploitation in NGINX rewrite, with DoS on default setups and possible RCE when ASLR is disabled.
Information security
from The Hacker News
1 week ago

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

The CVE-2026-42945 heap overflow in NGINX is actively exploited, enabling unauthenticated worker crashes and potential RCE when ASLR is disabled and specific configuration is known.
Information security
from The Hacker News
3 months ago

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX configurations to pull off the attack. "The malicious configuration intercepts legitimate web traffic between users and websites and routes it through attacker-controlled backend servers," security researcher Ryan Simon said. "The campaign targets Asian TLDs (.in, .id, .pe, .bd, .th), Chinese hosting infrastructure (Baota Panel), and government and educational TLDs (.edu, .gov)."
Information security
from Medium
10 months ago

Deploying Wazuh on Docker: Simplifying Security Monitoring Configuration

A minimum of 6 GB of dedicated RAM and a multi-core CPU are recommended for optimal performance in a complete Wazuh stack deployment.
Software development
from New Relic
11 months ago

How to troubleshoot common NGINX errors

NGINX errors can severely impact web server performance and user experience, making it critical for administrators to understand and troubleshoot these issues.
Web development