[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":40,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":47,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":53,"vulnerability-29332":60},[4,15,24,29,35],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - CVE Page","nginx-rift-cve-page","🚨 New: FREE SCANNER for NGINX Rift (CVE-2026-42945). No account needed.","https://pentest-tools.com/network-vulnerability-scanning/cve-2026-42945-scanner-nginx-rift",true,[11],"/vulnerabilities-exploits/nginx-heap-buffer-overflow_29311","Scan for free","secondary","nginx-rift",{"title":16,"slug":17,"text":18,"link":19,"external":9,"targets":20,"cta":22,"variant":23,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - Network Scanner","nginx-rift-network-scanner","🚨 Detection for NGINX Rift (CVE-2026-42945) now live. Are you exposed?","https://pentest-tools.com/pricing",[21],"/network-vulnerability-scanning/network-security-scanner-online","Find out with any plan","primary",{"title":25,"slug":26,"text":18,"link":19,"external":9,"targets":27,"cta":22,"variant":23,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - Port Scanner","nginx-rift-port-scanner",[28],"/network-vulnerability-scanning/port-scanner-online-nmap",{"title":30,"slug":31,"text":32,"link":8,"external":9,"targets":33,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 - VulnDB Index","nginx-rift-vulndb","🚨 New: free scanner for NGINX Rift (CVE-2026-42945). Check your targets now.",[34],"/vulnerabilities-exploits",{"title":36,"slug":37,"text":32,"link":8,"external":9,"targets":38,"cta":12,"variant":13,"campaign_id":14},"NGINX Rift free scanner - CVE-2026-42945 -blog","nginx-rift-blog",[39],"/blog",["Island",41],{"key":42,"params":43,"result":45},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":44},"{}",{"head":46},{},["Island",48],{"key":49,"params":50,"result":51},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":44},{"head":52},{},["Island",54],{"key":55,"params":56,"result":58},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":57},"{\"text-color\":\"gray\"}",{"head":59},{},{"id":61,"detectable_with":62,"vuln_details":69,"vuln_id":79,"name":80,"published":81,"updated":70},29332,{"tool":63,"engine":66},{"id":64,"name":65},1,"Network Scanner",{"id":67,"name":68},2,"Nuclei",{"id":61,"codename":70,"description":70,"severity":71,"risk_description":72,"public_description":73,"public_recommendation":74,"recommendation":70,"references":75,"cvssv3":70,"epss_score":70,"epss_percentile":70,"cve":70,"in_cisa_catalog":78,"date":70,"software_type":70,"vendor":70,"product":70,"ptt_exploit_capabilities":70},null,"medium","The risk exists that a remote attacker might leverage the misconfigurations in order to compromise the target.","Laravel Sanctum's SPA authentication uses cookie-based session authentication for first-party single-page applications. The /sanctum/csrf-cookie endpoint issues XSRF-TOKEN cookies to requesting origins. When SANCTUM_STATEFUL_DOMAINS is misconfigured with wildcard or overly permissive values, the application responds with CORS headers that permit arbitrary external origins to make credentialed cross-origin requests.","Restrict SANCTUM_STATEFUL_DOMAINS and SESSION_DOMAIN to only trusted application domains, and configure session cookies with SameSite=Lax or SameSite=Strict to reduce unauthorized cross-site requests. Additionally, ensure config/cors.php does not use wildcard (*) origins when supports_credentials is enabled, allowing only trusted origins for credentialed requests.",[76,77],"https://laravel.com/docs/11.x/sanctum#spa-authentication","https://laravel.com/docs/11.x/sanctum#cors-and-cookies",false,"NETSCAN-NUCLEI-MISCONFIGURATION-LARAVEL-SANCTUM-MISCONFIG","Laravel Sanctum - Stateful Domain CSRF Misconfiguration","2026-05-27T00:00:00Z"]