https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 22 Jun 2026 20:07:51 +0000 https://vulnerability.circl.lu/sighting/db454273-c696-4665-b4b6-6a9665935bea/export {"uuid": "db454273-c696-4665-b4b6-6a9665935bea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://infosec.exchange/users/beyondmachines1/statuses/116775720185561378", "content": "F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus\nF5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.\n**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing \"quic\" from all listen directives, and remove the \"ignore_invalid_headers off\" directive or shrink \"large_client_header_buffers\" to block these attacks until you update.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L", "creation_timestamp": "2026-06-19T13:20:05.850994Z"} {"uuid": "db454273-c696-4665-b4b6-6a9665935bea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://infosec.exchange/users/beyondmachines1/statuses/116775720185561378", "content": "F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus\nF5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.\n**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing \"quic\" from all listen directives, and remove the \"ignore_invalid_headers off\" directive or shrink \"large_client_header_buffers\" to block these attacks until you update.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L", "creation_timestamp": "2026-06-19T13:20:05.850994Z"} https://vulnerability.circl.lu/sighting/db454273-c696-4665-b4b6-6a9665935bea/export Fri, 19 Jun 2026 13:20:05 +0000 https://vulnerability.circl.lu/sighting/62ea966c-9a8e-4737-967a-8aaa917156ac/export {"uuid": "62ea966c-9a8e-4737-967a-8aaa917156ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3monjucmz5s2h", "content": "F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution\n\nF5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnera\u2026\n#hackernews #news", "creation_timestamp": "2026-06-19T14:17:40.994156Z"} {"uuid": "62ea966c-9a8e-4737-967a-8aaa917156ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3monjucmz5s2h", "content": "F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution\n\nF5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnera\u2026\n#hackernews #news", "creation_timestamp": "2026-06-19T14:17:40.994156Z"} https://vulnerability.circl.lu/sighting/62ea966c-9a8e-4737-967a-8aaa917156ac/export Fri, 19 Jun 2026 14:17:40 +0000 https://vulnerability.circl.lu/sighting/00b6b307-7f11-4e14-a88a-587dce6fd8ff/export {"uuid": "00b6b307-7f11-4e14-a88a-587dce6fd8ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7o7bs2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:53.130998Z"} {"uuid": "00b6b307-7f11-4e14-a88a-587dce6fd8ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7o7bs2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:53.130998Z"} https://vulnerability.circl.lu/sighting/00b6b307-7f11-4e14-a88a-587dce6fd8ff/export Fri, 19 Jun 2026 16:15:53 +0000 https://vulnerability.circl.lu/sighting/94685b2a-a351-41e7-b0d1-f0036834f8ab/export {"uuid": "94685b2a-a351-41e7-b0d1-f0036834f8ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oj2c2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:54.954092Z"} {"uuid": "94685b2a-a351-41e7-b0d1-f0036834f8ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oj2c2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:54.954092Z"} https://vulnerability.circl.lu/sighting/94685b2a-a351-41e7-b0d1-f0036834f8ab/export Fri, 19 Jun 2026 16:15:54 +0000 https://vulnerability.circl.lu/sighting/905daf71-3a8f-418f-8eda-da2592f6390d/export {"uuid": "905daf71-3a8f-418f-8eda-da2592f6390d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oly22s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:56.815848Z"} {"uuid": "905daf71-3a8f-418f-8eda-da2592f6390d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oly22s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:56.815848Z"} https://vulnerability.circl.lu/sighting/905daf71-3a8f-418f-8eda-da2592f6390d/export Fri, 19 Jun 2026 16:15:56 +0000 https://vulnerability.circl.lu/sighting/bfd5507b-8375-44ce-abfe-dff569584faf/export {"uuid": "bfd5507b-8375-44ce-abfe-dff569584faf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3moo3tu7caf2s", "content": "Use-after-free in the QPACK encoder of nginx HTTP/3 - CVE-2026-42530", "creation_timestamp": "2026-06-19T19:39:32.454313Z"} {"uuid": "bfd5507b-8375-44ce-abfe-dff569584faf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3moo3tu7caf2s", "content": "Use-after-free in the QPACK encoder of nginx HTTP/3 - CVE-2026-42530", "creation_timestamp": "2026-06-19T19:39:32.454313Z"} https://vulnerability.circl.lu/sighting/bfd5507b-8375-44ce-abfe-dff569584faf/export Fri, 19 Jun 2026 19:39:32 +0000 https://vulnerability.circl.lu/sighting/978e67c3-6215-478c-80b8-19a12555bfae/export {"uuid": "978e67c3-6215-478c-80b8-19a12555bfae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/kontronn.bsky.social/post/3mosijvo7222x", "content": "Nginx QUIC RCE Vulnerability CVE-2026-42530: Security Implications of HTTP/3 www.pudn.club/news/nginx-q...", "creation_timestamp": "2026-06-21T13:37:23.040427Z"} {"uuid": "978e67c3-6215-478c-80b8-19a12555bfae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/kontronn.bsky.social/post/3mosijvo7222x", "content": "Nginx QUIC RCE Vulnerability CVE-2026-42530: Security Implications of HTTP/3 www.pudn.club/news/nginx-q...", "creation_timestamp": "2026-06-21T13:37:23.040427Z"} https://vulnerability.circl.lu/sighting/978e67c3-6215-478c-80b8-19a12555bfae/export Sun, 21 Jun 2026 13:37:23 +0000 https://vulnerability.circl.lu/sighting/17e976ce-db30-4b86-a922-7b614c846cf8/export {"uuid": "17e976ce-db30-4b86-a922-7b614c846cf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmkxha2v2m", "content": "\ud83d\udea8 ALERT: CVE-2026-42530\n\nCVSS 8.1/10\n\n\ud83d\udccb WHAT IT IS:\nNGINX Open Source has a vulnerability in the ngx_http_v3_module. When NGINX is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause ", "creation_timestamp": "2026-06-22T00:22:06.060030Z"} {"uuid": "17e976ce-db30-4b86-a922-7b614c846cf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmkxha2v2m", "content": "\ud83d\udea8 ALERT: CVE-2026-42530\n\nCVSS 8.1/10\n\n\ud83d\udccb WHAT IT IS:\nNGINX Open Source has a vulnerability in the ngx_http_v3_module. When NGINX is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause ", "creation_timestamp": "2026-06-22T00:22:06.060030Z"} https://vulnerability.circl.lu/sighting/17e976ce-db30-4b86-a922-7b614c846cf8/export Mon, 22 Jun 2026 00:22:06 +0000 https://vulnerability.circl.lu/sighting/1c3a3d46-1081-4647-918c-c2b850193593/export {"uuid": "1c3a3d46-1081-4647-918c-c2b850193593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mourv4si7h22", "content": "F5 releases security updates for NGINX Open Source fixing CVE-2026-42530 (CVSS 9.2), a use-after-free flaw in ngx_http_v3_module that could allow remote code execution. Update now!", "creation_timestamp": "2026-06-22T11:29:55.861356Z"} {"uuid": "1c3a3d46-1081-4647-918c-c2b850193593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mourv4si7h22", "content": "F5 releases security updates for NGINX Open Source fixing CVE-2026-42530 (CVSS 9.2), a use-after-free flaw in ngx_http_v3_module that could allow remote code execution. Update now!", "creation_timestamp": "2026-06-22T11:29:55.861356Z"} https://vulnerability.circl.lu/sighting/1c3a3d46-1081-4647-918c-c2b850193593/export Mon, 22 Jun 2026 11:29:55 +0000 https://vulnerability.circl.lu/sighting/aa1b4f73-b1f5-4ef4-96b5-8f9e2d6b9fc2/export {"uuid": "aa1b4f73-b1f5-4ef4-96b5-8f9e2d6b9fc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42530", "type": "seen", "source": "https://infosec.exchange/ap/users/116710323468652980/statuses/116794392691446150", "content": "F5 Patches Critical NGINX RCE Bugs CVE-2026-42530/42055\n\ud83d\udd17 https://cybersecurefox.com/en/f5-critical-nginx-vulnerabilities-cve-2026-42530-42055\n#F5 #NGINX #CVE-2026-42530 #CVE-2026-42055 #HTTP/3 #vulnerability", "creation_timestamp": "2026-06-22T15:15:11.546523Z"} {"uuid": "aa1b4f73-b1f5-4ef4-96b5-8f9e2d6b9fc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42530", "type": "seen", "source": "https://infosec.exchange/ap/users/116710323468652980/statuses/116794392691446150", "content": "F5 Patches Critical NGINX RCE Bugs CVE-2026-42530/42055\n\ud83d\udd17 https://cybersecurefox.com/en/f5-critical-nginx-vulnerabilities-cve-2026-42530-42055\n#F5 #NGINX #CVE-2026-42530 #CVE-2026-42055 #HTTP/3 #vulnerability", "creation_timestamp": "2026-06-22T15:15:11.546523Z"} https://vulnerability.circl.lu/sighting/aa1b4f73-b1f5-4ef4-96b5-8f9e2d6b9fc2/export Mon, 22 Jun 2026 15:15:11 +0000