[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-42945":6},{"stargazers_count":4,"fetched_at":5},5,"2026-05-15T08:03:46.741Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":26,"downstream":27,"duplicates":34,"related":35,"reserved_at":9,"published_at":36,"modified_at":37,"state":38,"summary":39,"references_raw":48,"kevs":64,"epss":65,"epss_history":68,"metrics":70,"affected":84},"CVE-2026-42945","NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-122","Heap-based Buffer Overflow","A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().","weakness","Draft","Variant","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-92","Forced Integer Overflow",[],[],[],[],[28,30,32],{"_key":29},"DEBIAN-CVE-2026-42945",{"_key":31},"UBUNTU-CVE-2026-42945",{"_key":33},"ALPINE-CVE-2026-42945",[],[],"2026-05-13T14:12:43.971Z","2026-05-14T18:54:21.853Z","Awaiting Analysis",{"cisa_kev":40,"cisa_ransomware":40,"cisa_vendor":9,"epss_severity":41,"epss_score":42,"severity":43,"severity_score":44,"severity_version":45,"severity_source":46,"severity_vector":47,"severity_status":38},false,"low",0.00166,"critical",9.2,"v4.0","cve.org","CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[49,56,60],{"url":50,"sources":51,"tags":53},"https://my.f5.com/manage/s/article/K000161019",[46,52],"nvd",[54,55],"Vendor Advisory","Patch",{"url":57,"sources":58,"tags":59},"https://depthfirst.com/nginx-rift",[46,52],[],{"url":61,"sources":62,"tags":63},"https://github.com/DepthFirstDisclosures/Nginx-Rift",[46,52],[],[],{"date":66,"score":42,"percentile":67},"2026-05-14",0.3722,[69],{"date":66,"score":42,"percentile":67},[71,80],{"source":46,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":72,"cvss_v4_0":78},{"baseScore":73,"baseSeverity":74,"vectorString":75,"impactScore":76,"exploitabilityScore":77},8.1,"HIGH","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",9.8,5.6,{"baseScore":44,"baseSeverity":79,"vectorString":47,"impactScore":9,"exploitabilityScore":9},"CRITICAL",{"source":52,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":81,"cvss_v4_0":82},{"baseScore":73,"baseSeverity":74,"vectorString":75,"impactScore":76,"exploitabilityScore":77},{"baseScore":44,"baseSeverity":79,"vectorString":83,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[85,98],{"ecosystem":9,"name":86,"vendor":87,"product":88,"cpe_part":89,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":90},"NGINX Open Source","f5","nginx open source","a",[91],{"version":92,"is_range":93,"range_type":46,"version_start":94,"version_start_type":95,"version_end":96,"version_end_type":97,"fixed_in":9},">= 0.6.27, \u003C 1.30.1",true,"0.6.27","including","1.30.1","excluding",{"ecosystem":9,"name":99,"vendor":87,"product":100,"cpe_part":89,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":101},"NGINX Plus","nginx plus",[102,106],{"version":103,"is_range":93,"range_type":46,"version_start":104,"version_start_type":95,"version_end":105,"version_end_type":97,"fixed_in":9},">= R36, \u003C R36 P4","R36","R36 P4",{"version":107,"is_range":93,"range_type":46,"version_start":108,"version_start_type":95,"version_end":109,"version_end_type":97,"fixed_in":9},">= R32, \u003C R32 P6","R32","R32 P6"]