Skip to content
The Nexus
DossierENTITY

depthfirst

Coverage of depthfirst in the Nexus archive.

Earliest in view: May 14 · 06:00 UTCMost recent: Jun 12 · 22:13 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 12 · 22:13 UTCHACKER NEWS
    Twenty One Zero-Days in FFmpeg

    A research report by DepthFirst identifies 21 zero-day vulnerabilities in the FFmpeg multimedia framework, highlighting potential security risks.

  • SECURITYMay 18 · 13:02 UTCTHE REGISTER
    NGINX Rift attackers waste no time targeting exposed servers

    A newly disclosed NGINX bug, dubbed 'NGINX Rift', is being actively exploited by attackers, with over 5.7 million internet-exposed servers potentially vulnerable. The bug, assigned a CVSS score of 9.2, can cause a crashed worker process and forced restart, and potentially allow code execution in certain configurations. Researchers are seeing active exploitation attempts just days after the CVE was published.

  • SECURITYMay 17 · 11:57 UTCTHE HACKER NEWS
    NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

    A security flaw in NGINX Plus and NGINX Open is being actively exploited, causing worker crashes and possible remote code execution. The vulnerability, tracked as CVE-2026-42945, has a CVSS score of 9.2 and affects NGINX versions 0.6.27 through 1.30.0. The exploitation was reported by VulnCheck and depthfirst.

  • SECURITYMay 14 · 06:00 UTCTHE HACKER NEWS
    18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

    Cybersecurity researchers discovered multiple security vulnerabilities in NGINX Plus and NGINX Open, including a critical 18-year-old flaw that allows unauthenticated remote code execution. The vulnerability is a heap buffer overflow issue impacting ngx_http_rewrite_module with a CVSS v4 score of 9.2. This flaw could enable attackers to achieve remote code execution or cause crashes.

depthfirst · Dossier · The Nexus