Explore

Rapid Read Rapid Read
NGINX Vulnerability Exposes Web Servers to Potential Remote Code Execution

NGINX Vulnerability Exposes Web Servers to Potential Remote Code Execution

A critical vulnerability has been discovered in the NGINX open-source web server, which has been present for 18 years. This flaw, identified as CVE-2026-42945, allows for denial of service (DoS) attacks and potentially remote code execution (RCE) under certain conditions. The vulnerability was uncovered by DepthFirst AI using an autonomous scanning system and has been given a critical severity rating of 9.2 by the Common Vulnerability Scoring System (CVSS). The issue affects NGINX versions 0.6.27 through 1.30.0 and is related to a heap buffer overflow in the ngx_http_rewrite_module. This flaw can be triggered when NGINX configurations use both 'rewrite' and 'set' directives, a common pattern in API gateways and reverse proxy setups. The vulnerability stems from inconsistent state handling in NGINX's internal script engine, leading to a heap buffer overflow. DepthFirst AI demonstrated unauthenticated code execution via specially crafted HTTP requests, although this was achieved on systems with Address Space...
Rapid Read Rapid Read
Critical NGINX Vulnerability Exploited: PoC Code Released, Raising Security Concerns

Critical NGINX Vulnerability Exploited: PoC Code Released, Raising Security Concerns

A critical vulnerability in the NGINX web server, identified as CVE-2026-42945, has been disclosed with the release of proof-of-concept (PoC) exploit code. This vulnerability, which has a CVSS score of 9.2, was patched recently by F5 as part of their quarterly update. The flaw is a heap buffer overflow in the ngx_http_rewrite_module, which can lead to a denial-of-service (DoS) condition and potentially remote code execution (RCE) if Address Space Layout Randomization (ASLR) is disabled. The vulnerability affects NGINX servers using rewrite and set directives, and it involves a two-pass process in the script engine that can result in an undersized buffer allocation. This allows attacker-controlled data to overflow the buffer, potentially leading to RCE. F5 has released patches for NGINX Plus and open-source versions to address this issue.
Rapid Read Rapid Read
NGINX Vulnerability Exploit Code Released, Poses Security Risks

NGINX Vulnerability Exploit Code Released, Poses Security Risks

Technical details and proof-of-concept (PoC) exploit code for a critical vulnerability in NGINX have been published. The vulnerability, identified as CVE-2026-42945, has a CVSS score of 9.2 and was recently patched by F5. It involves a heap buffer overflow in the ngx_http_rewrite_module component, which can lead to a denial-of-service (DoS) condition or remote code execution (RCE) if Address Space Layout Randomization (ASLR) is disabled. The issue affects NGINX servers using rewrite and set directives, stemming from a two-pass process in the script engine that can result in an undersized buffer allocation. This allows attacker-controlled data to overflow the buffer. The vulnerability was introduced 16 years ago and has now been addressed in NGINX Plus versions 37.0.0, R36 P4, and R32 P6, as well as in NGINX open source versions 1.31.0 and 1.30.1.
Rapid Read Rapid Read
Linux Kernel Vulnerability Exposes Root-Owned Files to Unprivileged Users

Linux Kernel Vulnerability Exposes Root-Owned Files to Unprivileged Users

A new vulnerability in the Linux kernel, identified as ssh-keysign-pwn, has been discovered, allowing unprivileged users to access root-owned files. This security flaw affects all Linux kernel releases up to the latest Git state as of May 14, 2026. The vulnerability was reported by Qualys and has been addressed by a patch in the mainline Linux kernel, which modifies the kernel's ptrace behavior to resolve the issue. This development follows a series of recent vulnerabilities in the Linux kernel, including Dirty Frag Fragnesia.
Trendline Trendline
F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP and NGINX Systems

F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP and NGINX Systems

F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP and NGINX Systems
Trendline Trendline
F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP, BIG-IQ, and NGINX Systems

F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP, BIG-IQ, and NGINX Systems

F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP, BIG-IQ, and NGINX Systems
Trendline Trendline
New Windows Zero-Days Expose BitLocker Bypasses and Privilege Escalation Risks

New Windows Zero-Days Expose BitLocker Bypasses and Privilege Escalation Risks

New Windows Zero-Days Expose BitLocker Bypasses and Privilege Escalation Risks
Rapid Read Rapid Read
Security Researcher Reveals Vulnerability in Windows BitLocker Allowing Unauthorized Access

Security Researcher Reveals Vulnerability in Windows BitLocker Allowing Unauthorized Access

A security researcher, known by the aliases 'Nightmare-Eclipse' and 'Chaotic Eclipse', has disclosed a vulnerability in Microsoft's BitLocker disk encryption technology. The exploit, named YellowKey, allows unauthorized access to encrypted drives on Windows 11 and Windows Server 2022/2025 using a USB stick with specially crafted files. The vulnerability requires physical access to the target computer and involves using a feature called Transactional NTFS to bypass security measures. The researcher also hinted at another vulnerability, GreenPlasma, which could escalate privileges on Windows systems. The disclosure follows previous exploits by the same researcher, who criticized Microsoft's handling of security issues.
Trendline Trendline
Broadcom Releases Patch for High-Severity Vulnerability in VMware Fusion

Broadcom Releases Patch for High-Severity Vulnerability in VMware Fusion

Broadcom Releases Patch for High-Severity Vulnerability in VMware Fusion
Trendline Trendline
Fragnesia Flaw in Linux Kernel Allows Local Users Root Access, Raising Security Concerns

Fragnesia Flaw in Linux Kernel Allows Local Users Root Access, Raising Security Concerns

Fragnesia Flaw in Linux Kernel Allows Local Users Root Access, Raising Security Concerns
Trendline Trendline
OpenAI Confirms Data Breach Following Supply-Chain Attack on TanStack

OpenAI Confirms Data Breach Following Supply-Chain Attack on TanStack

OpenAI Confirms Data Breach Following Supply-Chain Attack on TanStack
Rapid Read Rapid Read
Linux Distributions Address Fragnesia Vulnerability Allowing Root Privilege Escalation

Linux Distributions Address Fragnesia Vulnerability Allowing Root Privilege Escalation

A new vulnerability in the Linux kernel, named Fragnesia and tracked as CVE-2026-46300, has been identified, affecting a majority of Linux distributions. This vulnerability resides in the kernel’s XFRM ESP-in-TCP subsystem and allows a local attacker to escalate privileges to root by overwriting sensitive system files. The vulnerability is similar to previously disclosed exploits known as Dirty Frag and Copy Fail. While a proof-of-concept exploit is available, there is currently no evidence of Fragnesia being exploited in the wild. Linux distributions have begun releasing patches to address this issue, and Microsoft has urged organizations to apply these patches promptly to mitigate potential risks.