现在我也不知道这频道发了啥了，各位慢慢吃瓜，将就着看联系我请去 @abc1763613206友链儿@cyberElaina@rvalue_daily@billchenlahttps://channel.0w0.besthttps://channel.0w0.best/posts/7308https://channel.0w0.best/posts/7308Thu, 14 May 2026 03:08:56 GMT<i><b>🔴</b></i> <mark>NGINX</mark> http_rewrite 模块漏洞；或会导致堆溢出甚至远程代码执行。<br /><br />- 漏洞的起因是 <mark>nginx</mark> 尝试将 escape 过的 URL 写入未 escape 长度的内存。<br />- 在 ASLR 未被开启的情况下，可以导致远程代码执行。<br />- 修复已于 1.30.1/1.31.0 发布。<br /><br />1. <a href="https://depthfirst.com/nginx-rift" target="_blank">https://depthfirst.com/nginx-rift</a><br />2. <a href="https://my.f5.com/manage/s/article/K000161019" target="_blank">my.f5.com/~</a><br /><br />CVE: CVE-2026-42945<br />CVSS: 9.2 (F5 Networks)<br />Affect: [0.6.27, 1.30.0]<br />Fixed-At: 1.30.1, 1.31.0<br /><br /><a href="/search/%23nginx">#nginx</a><a href="https://depthfirst.com/nginx-rift" target="_blank"> <div>Depthfirst</div> <img class="link_preview_image" alt="NGINX Rift" src="/static/https://cdn4.telesco.pe/file/bMyDP48Z0UepnZgDEfLQ8k6j8EQ62WG5V9OA3Xaqvzgbn5MDExQHb7uG8OEfOqalZUFW77UUkDqKFRi7FLndJBqMeYFQvz7qrUhcNFGKyc2piBeqHfdmMstwJLVJIjyo7ERL-nMqFxYKB2bXpcJvgjOIUOk1ur9MsYZNvwQyuGeHp_1yen3BU9OeKXjhU5Qmw1zABHBXhu35zW9vc5tMDfz_4QyHugtMvTpKUtRfYFYn3XrSNoQWYIyC0m5eI_C5wHPiFymYxbONmFHPevtohXH6sm8FJeG7gi3FQRPw5JTvq2AnT7lkhtCzqF20Gf62V-TaZqqLO4R7wcYU_PQ0ag.jpg" loading="lazy" /> <div><mark>NGINX</mark> Rift</div> <div>An 18 year old memory corruption flaw in <mark>NGINX</mark> Plus and <mark>NGINX</mark> Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.</div> </a>