NGINX Flaw CVE-2026-42945 Actively Exploited, Threatens Worker Crashes and RCE

A newly discovered NGINX flaw, CVE-2026-42945, is being actively exploited, posing a significant threat of worker crashes and remote code execution (RCE) through specially crafted HTTP requests. This high-severity vulnerability, with a CVSS score of 9.2, has been lurking in NGINX versions since 2008,…

https://osintsights.com/nginx-flaw-cve-2026-42945-actively-exploited-threatens-worker-crashes-and-rce?utm_source=mastodon&utm_medium=social

#Nginx #Cve202642945 #RemoteCodeExecution #HeapBufferOverflow #VulnerabilityExploitation

But nginx is supposed to be a more secure web server than Apache

Nginx web servers can reportedly be crashed through a vulnerability that has been present since 2008. In some cases, execution of malicious code is apparently possible as well

Whoa, for eighteen years. This little problem has really grown up…

#Fail #Golem #Link #nginx #Security #Webserver

Web servers at risk: 18-year-old security vulnerability discovered in Nginx - Golem.de

(more Linux and FOSS news in previous posts of thread)

Godot 4.7 Beta 2 Released with Over 100 Regression Fixes for Testing:
https://www.linuxcompatible.org/story/godot-47-beta-2-released/

Zed 1.2.4 released with updates to agent system, git history navigation, etc.:
https://www.linuxcompatible.org/story/zed-124-released/

Apache NetBeans IDE 30 Released: Faster Git, Better Java Completion, and PHP 8.5 Support:
https://www.linuxcompatible.org/story/apache-netbeans-ide-30-released/

Python 3.14.5 released with Incremental Garbage Collector reverted:
https://www.linuxcompatible.org/story/python-3145-released/

Node.js 22.22.3 (LTS) released:
https://www.linuxcompatible.org/story/nodejs-22223-lts-released/

nginx-1.31.0 Mainline Release Patches HTTP/2 Injection and Adds Least Time Load Balancing:
https://www.linuxcompatible.org/story/nginx-1310-released/

Tailwind CSS v4.3: scrollbar utilities, new colors, and faster webpack support:
https://alternativeto.net/news/2026/5/tailwind-css-v4-3-scrollbar-utilities-new-colors-and-faster-webpack-support/

BleachBit’s new TUI makes it perfect for headless servers:
https://www.omgubuntu.co.uk/2026/05/bleachbit-tui

OpenProject 17.4 brings Jira Migrator with custom fields & backlog updates for agile teams:
https://alternativeto.net/news/2026/5/openproject-17-4-brings-jira-migrator-with-custom-fields-and-backlog-updates-for-agile-teams/

Vulkan 1.4.351 adds Opacity Micromaps to ray tracing:
https://www.igorslab.de/en/vulkan-1-4-351-opacity-micromaps-ray-tracing/

FreeBSD 15.2 Will Aim For The Nice KDE Desktop Installation Experience:
https://www.phoronix.com/news/FreeBSD-15.2-KDE-Desktop

Sculpt OS release 26.04:
https://genode.org/news/sculpt-os-release-26.04

#WeeklyNews #OpenSource #FOSSNews #OpenSourceNews #FOSS #News #Godot #Zed #NetBeans #Python #NodeJS #Nginx #Tailwind #BleachBit #OpenProject #Vulkan #FreeBSD #SculptOS #GameDev #IDE #CodeEditor #Programming #ProgrammingLanguage #WebServer #WebDev #SelfHosting #OS #BSD #FosseryTech

Godot 4.7 Beta 2 released

Godot 4.7 beta 2 has arrived with over one hundred regression fixes aimed at stabilizing the engine after the first beta release. Key improvements include patching a critical resource loading race condition, refining HDR support for Wayland systems, and removing experimental warnings from Android Gradle builds.

Linux Compatible

🚀 Install and Run Self-hosted #Mattermost Instance on Linux #VPS

This article provides a comprehensive guide to install and run a self-hosted Mattermost instance on a Linux VPS (Ubuntu/Debian). This guide will set up Mattermost with #PostgreSQL and #NGINX as a reverse proxy with HTTPS.
What is Mattermost?
Mattermost is a self-hosted, open-source collaboration platform ...
Continued 👉 https://blog.radwebhosting.com/self-hosted-mattermost-instance/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #letsencrypt #reverseproxy #selfhosting #selfhosted #unifiedcommunications #opensource

🚨 PoC code for CRITICAL NGINX vuln (CVE-2026-42945) now public! Heap buffer overflow in ngx_http_rewrite_module — can cause DoS or RCE if ASLR is disabled. Patch NGINX Plus/open source ASAP. https://radar.offseq.com/threat/poc-code-published-for-critical-nginx-vulnerabilit-3d78edaa #OffSeq #NGINX #Vuln #InfoSec

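Passenger 6.1.1 released: improved Ruby 4 compatibility and an Nginx upload bug fix

Fixed a critical bug in the Nginx module where large request body data was corrupted when request buffering was turned off.

🔗 Read the original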

NGINX Rift: an 18-year-old flaw in the world's most deployed web server just came to light

Researchers found a critical 18-year-old buffer overflow flaw in NGINX, tracked as CVE-2026-42945 and named NGINX Rift.

Security Affairs

I was wondering why none of my #FreeBSD systems got the latest #nginx - so I searched... and it took me a good hour again to figure out that the OS is by default insecure; you need to actively change the repo settings in order to get recent software with bug fixes - latest instead of quarterly:
https://unix.stackexchange.com/questions/483990/change-between-quarterly-and-latest-package-set-used-by-pkg-tool-in-freebs
Change between `quarterly` and `latest` package set used by `pkg` tool in FreeBSD

The pkg tool in FreeBSD is usually set to draw upon either the quarterly or latest package set. The latest set may churn more often with updates, while the quarterly is meant to be more stable but ...

Unix & Linux Stack Exchange

A top vulnerability in Nginx that can crash the server and is potentially usable for malicious code execution. And no patch in Debian yet except in Sid. https://security-tracker.debian.org/tracker/CVE-2026-42945
#linux #nginx #debian