[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":40,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":47,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":53,"vulnerability-29347":60},[4,15,24,29,35],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - CVE Page","nginx-rift-cve-page","🚨 New: FREE SCANNER for NGINX Rift (CVE-2026-42945). No account needed.","https://pentest-tools.com/network-vulnerability-scanning/cve-2026-42945-scanner-nginx-rift",true,[11],"/vulnerabilities-exploits/nginx-heap-buffer-overflow_29311","Scan for free","secondary","nginx-rift",{"title":16,"slug":17,"text":18,"link":19,"external":9,"targets":20,"cta":22,"variant":23,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - Network Scanner","nginx-rift-network-scanner","🚨 Detection for NGINX Rift (CVE-2026-42945) now live. Are you exposed?","https://pentest-tools.com/pricing",[21],"/network-vulnerability-scanning/network-security-scanner-online","Find out with any plan","primary",{"title":25,"slug":26,"text":18,"link":19,"external":9,"targets":27,"cta":22,"variant":23,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - Port Scanner","nginx-rift-port-scanner",[28],"/network-vulnerability-scanning/port-scanner-online-nmap",{"title":30,"slug":31,"text":32,"link":8,"external":9,"targets":33,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - VulnDB Index","nginx-rift-vulndb","🚨 New: free scanner for NGINX Rift (CVE-2026-42945). Check your targets now.",[34],"/vulnerabilities-exploits",{"title":36,"slug":37,"text":32,"link":8,"external":9,"targets":38,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 -blog","nginx-rift-blog",[39],"/blog",["Island",41],{"key":42,"params":43,"result":45},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":44},"{}",{"head":46},{},["Island",48],{"key":49,"params":50,"result":51},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":44},{"head":52},{},["Island",54],{"key":55,"params":56,"result":58},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":57},"{\"text-color\":\"gray\"}",{"head":59},{},{"id":61,"detectable_with":62,"vuln_details":69,"vuln_id":84,"name":85,"published":86,"updated":70},29347,{"tool":63,"engine":66},{"id":64,"name":65},1,"Network Scanner",{"id":67,"name":68},2,"Nuclei",{"id":61,"codename":70,"description":70,"severity":71,"risk_description":72,"public_description":73,"public_recommendation":74,"recommendation":70,"references":75,"cvssv3":80,"epss_score":70,"epss_percentile":70,"cve":81,"in_cisa_catalog":83,"date":70,"software_type":70,"vendor":70,"product":70,"ptt_exploit_capabilities":70},null,"high","Unauthenticated attackers can exfiltrate proprietary application source code, embedded secrets (API keys, database credentials, cloud provider keys), and internal infrastructure configuration from private container images.","Gitea \u003C 1.26.2 allows unauthenticated remote attackers to pull private container images.The /v2/token endpoint grants anonymous ghost tokens (UserID:-1) with no scope restriction.The ReqContainerAccess middleware does not check package owner visibility, so ghost users can enumerate all container repositories via /_catalog and pull any private image layer.","Upgrade to Gitea >= 1.26.2. As a temporary workaround, set REQUIRE_SIGNIN_VIEW=true in gitea app.ini, though this blocks all anonymous access including public repos.",[76,77,78,79],"https://blog.gitea.com/release-of-1.26.2/","https://github.com/go-gitea/gitea/pull/37290","https://github.com/go-gitea/gitea/pull/37610","https://orca.security/resources/blog/gitea-container-registry-vulnerability/",7.5,[82],"CVE-2026-27771",false,"NETSCAN-NUCLEI-CVE-CVE-2026-27771","Gitea Container Registry - Unauthorized Private Image Access","2026-05-31T00:00:00Z"]