CVE-2026-42945

Overview

F5
NGINX Plus

13 May 2026

Published

14 May 2026

Updated

CVSS v3.1

HIGH (8.1)

EPSS

0.15%

MITRE

KEV

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

6 Posts
1 Interaction

Last activity: 5 hours ago

Bluesky

Blockchain Report @blockchainreport.bsky.social

Ledger CTO warns of critical NGINX vulnerability (CVE-2026-42945) affecting many versions. Less than 30% of servers are updated, risking widespread exploitation, including potential RCE. Urgent patching needed! #crypto #blockchain #news

0
1
0
12h ago

Information Security Briefly @infosecbriefly.bsky.social

CVE-2026-42945 in NGINX heap overflow is actively exploited, enabling unauthenticated worker crashes and potential RCE when ASLR is disabled and specific configuration is known.

0
0
0
12h ago

Ninja Owl @ninjaowl.ai

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...

0
0
0
12h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

NGINX CVE-2026-42945 is being exploited in the wild, with heap overflow attacks crashing workers and possibly enabling RCE. VulnCheck also saw chained openDCIM exploits linked to a Chinese IP. #NGINX #openDCIM #China

0
0
0
5h ago

Lead Better Today @lbtoday1.bsky.social

Nginx CVE-2026-42945 Exploited in the Wild A critical vulnerability in Nginx, a popular open-source web server software, is currently being actively exploited in the wild. The attackers are exploiting this flaw to deploy various payloads, including cryptocurrency miners and web shells.

0
0
0
5h ago

CyberVeille @cyberveille-ch.bsky.social

📢 NGINX Rift : RCE critique via un heap overflow vieux de 18 ans (CVE-2026-42945) 📝 ## 🔍 Contexte Publié le 13 mai 2026 par Zhenpeng (Leo) Lin, chercheu… https://cyberveille.ch/posts/2026-05-15-nginx-rift-rce-critique-via-un-heap-overflow-vieux-de-18-ans-cve-2026-42945/ #CVE_2026_40701 #Cyberveille

0
0
0
6h ago

CVE-2026-46333

Overview

Linux
Linux

15 May 2026

Published

17 May 2026

Updated

CVSS

Pending

EPSS

0.03%

MITRE

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.

Statistics

5 Posts
8 Interactions

Last activity: 8 hours ago

Fediverse

N_{Dario Fadda} @nuke

CVE-2026-46333: ‘ssh-keysign-pwn’ Linux Kernel Flaw Exposes SSH Keys and Shadow Passwords — Public PoC Released
#CyberSecurity
https://securebulletin.com/cve-2026-46333-ssh-keysign-pwn-linux-kernel-flaw-exposes-ssh-keys-and-shadow-passwords-public-poc-released/

7
0
0
15h ago

Jon @jon

#Ubuntu still doesn't have a patch or even a security notice for #sshkeysignpwn ...

How is this everyone else has been patched for days!

#Debian had a fix Friday morning...#DomumSocial is running on Debian, but in my day job I'm stuck with Ubuntu.

If you're also stuck with Ubuntu there is a mitigation:

`sudo sysctl -w kernel.yama.ptrace_scope=3`

I've tested this against the know exploit code at https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn

This will disable the vulnerable ptrace call until the next reboot

Seeking confirmation of my theory I was able to find:
https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/

you can also set "yama.ptrace_scope" to "2" which will only allow root to use ptrace (and will also allow resetting it w/o reboot). The link above has more explanations and directions for setting it persistently across reboot for now.

This will break `strace` and `gdb`!

#Linux #sysadmin #security

0
0
0
8h ago

Sourceware @sourceware

To make sure the latest linux kernel security issues (CVE-2026-43284, CVE-2026-43500, CVE-2026-46300, CVE-2026-46333) are properly patched we have rebooted various systems (again).

Specifically you might have seen interruptions for starfive-{1-4}, debian-i386, debian-i386-2, debian-armhf, snapshots, osuosl-arm64, osuosl-arm64-2, sw3bb1, sw3bb2, sw3runner1, sw3runner2, sourceware-builder3, rh-ospo-sourceware01, forge and forge-stage.

0
0
0
16h ago

Bluesky

Eyal Estrin ☁️ @eyalestrin.bsky.social

Linux Kernel ptrace Exit-race / ssh-keysign-pwn Vulnerability (CVE-2026-46333) #patchmanagement

0
1
0
17h ago

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 Linux Kernelの脆弱性(ssh-keygen-pwn: Important: CVE-2026-46333) #security #vulnerability #セキュリティ #脆弱性 #linux #kernel #lpe #ptrace #ssh-keygen-pwn security.sios.jp/vulnerabilit...

0
0
0
16h ago

CVE-2026-42897

Overview

Microsoft
Microsoft Exchange Server 2016 Cumulative Update 23

14 May 2026

Published

16 May 2026

Updated

CVSS v3.1

HIGH (8.1)

EPSS

12.34%

MITRE

KEV

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Statistics

5 Posts
1 Interaction

Last activity: 3 hours ago

Fediverse

Michael I Ransier @thecybermind

This week’s intelligence brief covers active exploitation of Cisco SD-WAN (CVE-2026-20182), Microsoft Exchange CVE-2026-42897, PAN-OS RCE, AI-driven vulnerability discovery acceleration, SaaS tenant failures, and the emerging risks of autonomous AI agents inside enterprise environments.

https://thecybermind.co/2026/05/17/weekly-cyber-intelligence-brief-17may26/?utm_source=mastodon&utm_medium=jetpack_social

0
0
0
19h ago

Bluesky

Philippe Vynckier @pvynckier.bsky.social

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email thehackernews.com/2026/05/on-p...

0
1
0
19h ago

セキュリティ対策Lab @securitylab-jp.bsky.social

Microsoft Exchange Serverのゼロデイ脆弱性 CVE-2026-42897がサイバー攻撃へ悪用 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #DataBreach #securitynews

0
0
0
4h ago

キタきつね @kitafox.bsky.social

オンプレミスのMicrosoft Exchange Serverの脆弱性CVE-2026-42897が、細工されたメールを介して悪用される On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email #HackerNews (May 15) thehackernews.com/2026/05/on-p...

0
0
0
3h ago

キタきつね @kitafox.bsky.social

CISAが既知の悪用された脆弱性を1件カタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (May 15) CVE-2026-42897 Microsoft Exchange Serverのクロスサイトスクリプティングの脆弱性 www.cisa.gov/news-events/...

0
0
0
3h ago

CVE-2026-20182

Overview

Cisco
Cisco Catalyst SD-WAN Manager

14 May 2026

Published

15 May 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

31.70%

MITRE

KEV

Description

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.  A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.

Statistics

3 Posts

Last activity: 3 hours ago

Fediverse

Michael I Ransier @thecybermind

This week’s intelligence brief covers active exploitation of Cisco SD-WAN (CVE-2026-20182), Microsoft Exchange CVE-2026-42897, PAN-OS RCE, AI-driven vulnerability discovery acceleration, SaaS tenant failures, and the emerging risks of autonomous AI agents inside enterprise environments.

https://thecybermind.co/2026/05/17/weekly-cyber-intelligence-brief-17may26/?utm_source=mastodon&utm_medium=jetpack_social

0
0
0
19h ago

Bluesky

Philippe Vynckier @pvynckier.bsky.social

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits thehackernews.com/2026/05/cisa...

0
0
0
20h ago

キタきつね @kitafox.bsky.social

Ciscoが、悪用されている別のSD-WANゼロデイ脆弱性（CVE-2026-20182）に対するパッチを公開 Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182) #HelpNetSecurity (May 15) www.helpnetsecurity.com/2026/05/15/c...

0
0
0
3h ago

CVE-2026-43284

Overview

Linux
Linux

08 May 2026

Published

14 May 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.01%

MITRE

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path. This intentionally does not change ESP output. In esp_output_head(), the path that appends the ESP trailer to existing skb tailroom without calling skb_cow_data() is not reachable for nonlinear skbs: skb_tailroom() returns zero when skb->data_len is nonzero, while ESP tailen is positive. Thus ESP output will either use the separate destination-frag path or fall back to skb_cow_data().

Statistics

4 Posts
10 Interactions

Last activity: 13 hours ago

Fediverse

matsuu @matsuu

Dirty Pipe→Copy Fail→Dirty Flag
---
Dirty Frag (CVE-2026-43284/43500) — Copy Failの暫定策が効かない理由と未パッチ期の管理者対応
https://zenn.dev/linuxmaster/articles/dirty-frag-cve-2026-43284-43500
#bookmarks

1
0
0
13h ago

Christoph Schmees @PC_Fluesterer

Ist die Aufregung um die neuen Linux-Fehler berechtigt?

Radio Eriwan antwortet: Das kommt darauf an. Nämlich darauf, ob wir von einem Arbeitsplatz-Rechner reden oder von einem Server. Arbeitsplatz-Rechner sind nicht betroffen. - Die Rede ist von drei neu entdeckten Sicherheitslücken im Linux-Kernel:

CVE-2026-43284 ("Dirty Frag")*,
CVE-2026-43500 ("Copy Fail 2") und
CVE-2026-46300 ("Fragnesia").

Die stecken in Server-Funktionen für VPN-Zugriff über IPSec und für das verteilte Dateisystem AFS. Sie ermöglichen eine lokale Privilegien-Eskalation (LPE).

Um eine LPE Sicherheitslücke auszunutzen, muss ein/e Benutzer/in angemeldet sein, also entweder am Terminal vorm Rechner sitzen, oder eher

https://www.pc-fluesterer.info/wordpress/2026/05/17/ist-die-aufregung-um-die-neuen-linux-fehler-berechtigt/

#Allgemein #Hintergrund #cybercrime #exploits #linux #sicherheit #wissen

6
3
0
20h ago

github.com/ghostwriter @ghostwriter

#DirtyFrag #vulnerability: Universal Linux LPE

Obtains root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write (CVE-2026-43284) vulnerability and the RxRPC Page-Cache Write (CVE-2026-43500) vulnerability.

https://github.com/V4bel/dirtyfrag

#CVE

0
0
0
15h ago

Sourceware @sourceware

To make sure the latest linux kernel security issues (CVE-2026-43284, CVE-2026-43500, CVE-2026-46300, CVE-2026-46333) are properly patched we have rebooted various systems (again).

Specifically you might have seen interruptions for starfive-{1-4}, debian-i386, debian-i386-2, debian-armhf, snapshots, osuosl-arm64, osuosl-arm64-2, sw3bb1, sw3bb2, sw3runner1, sw3runner2, sourceware-builder3, rh-ospo-sourceware01, forge and forge-stage.

0
0
0
16h ago

CVE-2026-43500

Overview

Linux
Linux

11 May 2026

Published

17 May 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-owned paged fragments (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via __ip_append_data, or a chained skb_has_frag_list()) falls through to the in-place decryption path, which binds the frag pages directly into the AEAD/skcipher SGL via skb_to_sgvec(). Extend the gate to also unshare when skb_has_frag_list() or skb_has_shared_frag() is true. This catches the splice-loopback vector and other externally-shared frag sources while preserving the zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC page_pool RX, GRO). The OOM/trace handling already in place is reused.

Statistics

3 Posts
9 Interactions

Last activity: 15 hours ago

Fediverse

Christoph Schmees @PC_Fluesterer

Ist die Aufregung um die neuen Linux-Fehler berechtigt?

Radio Eriwan antwortet: Das kommt darauf an. Nämlich darauf, ob wir von einem Arbeitsplatz-Rechner reden oder von einem Server. Arbeitsplatz-Rechner sind nicht betroffen. - Die Rede ist von drei neu entdeckten Sicherheitslücken im Linux-Kernel:

CVE-2026-43284 ("Dirty Frag")*,
CVE-2026-43500 ("Copy Fail 2") und
CVE-2026-46300 ("Fragnesia").

Die stecken in Server-Funktionen für VPN-Zugriff über IPSec und für das verteilte Dateisystem AFS. Sie ermöglichen eine lokale Privilegien-Eskalation (LPE).

Um eine LPE Sicherheitslücke auszunutzen, muss ein/e Benutzer/in angemeldet sein, also entweder am Terminal vorm Rechner sitzen, oder eher

https://www.pc-fluesterer.info/wordpress/2026/05/17/ist-die-aufregung-um-die-neuen-linux-fehler-berechtigt/

#Allgemein #Hintergrund #cybercrime #exploits #linux #sicherheit #wissen

6
3
0
20h ago

github.com/ghostwriter @ghostwriter

#DirtyFrag #vulnerability: Universal Linux LPE

Obtains root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write (CVE-2026-43284) vulnerability and the RxRPC Page-Cache Write (CVE-2026-43500) vulnerability.

https://github.com/V4bel/dirtyfrag

#CVE

0
0
0
15h ago

Sourceware @sourceware

To make sure the latest linux kernel security issues (CVE-2026-43284, CVE-2026-43500, CVE-2026-46300, CVE-2026-46333) are properly patched we have rebooted various systems (again).

Specifically you might have seen interruptions for starfive-{1-4}, debian-i386, debian-i386-2, debian-armhf, snapshots, osuosl-arm64, osuosl-arm64-2, sw3bb1, sw3bb2, sw3runner1, sw3runner2, sourceware-builder3, rh-ospo-sourceware01, forge and forge-stage.

0
0
0
16h ago

CVE-2024-49767

Overview

pallets
werkzeug

25 Oct 2024

Published

03 Jan 2025

Updated

CVSS v4.0

MEDIUM (6.9)

EPSS

1.09%

MITRE

KEV

Description

Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.

Statistics

1 Post
2 Interactions

Last activity: 7 hours ago

Fediverse

defnull @defnull

How not to handle reported security issues: https://defnull.de/2024/CVE-2024-49767_flask/#timeline

#cve #infosec

1
1
0
7h ago

CVE-2026-6479

Overview

PostgreSQL

14 May 2026

Published

14 May 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.04%

MITRE

KEV

Description

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Statistics

1 Post
1 Interaction

Last activity: 12 hours ago

Fediverse

matsuu @matsuu

多くの脆弱性対応含む。CVE-2026-6479の謝辞に "Claude and Anthropic Research" の記述があるが、これってClaude Mythosだったりするんかな。
---
PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 Released!
https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
#bookmarks

1
0
0
12h ago

CVE-2026-33017

Overview

langflow-ai
langflow

20 Mar 2026

Published

26 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

43.64%

MITRE

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

1 Post
1 Interaction

Last activity: 19 hours ago

Bluesky

Philippe Vynckier @pvynckier.bsky.social

Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker gbhackers.com/langflow-cve...

0
1
0
19h ago

CVE-2012-1182

Overview

Pending

10 Apr 2012

Published

06 Aug 2024

Updated

CVSS

Pending

EPSS

78.55%

MITRE

KEV

Description

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

Statistics

1 Post
1 Interaction

Last activity: 6 hours ago

Fediverse

AnalogFeelings @analog_feelings

anyone knows how to exploit CVE-2012-1182 in samba? I wanna execute shell commands as root on an old router, so that I can get ssh/telnet access

0
1
0
6h ago