Nginx

Security researchers disclose nginx-poolslip, an unpatched zero-day in NGINX 1.31.0 that defeats ASLR protection. Millions of servers at risk with no CVE or fix available yet.

CVE-2026-42945 is a critical heap buffer overflow in NGINX's rewrite module that went undetected since 2008. CVSS 9.2 with public PoC available—patch now.

Over 1,000 IPs exploit CVE-2025-55182 to inject malicious NGINX configs that redirect web traffic through attacker infrastructure, targeting Asian government and education sites.