After we had the NGINX Rift vulnerability disclosed last week, there's now another RCE in the NGINX server, this one named NGINX-PoolSlip.
Details will be published 30 days after a patch is released, to prevent exploitation, which is now happening against NGINX Rift
