Search Results

Searching CVE for "nginx"

100 result(s)
CVE-2026-27944 CRITICAL 9.8

Nginx UI versions before 2.3.3 expose an unauthenticated API endpoint that discloses encryption keys in response headers, allowing attackers to download and decrypt full system backups containing sens...

Published: Mar 5, 2026

CVE-2026-27630 HIGH 7.5

TinyWeb versions before 2.02 are vulnerable to Slowloris denial-of-service attacks where attackers can exhaust server resources by opening many connections and sending data extremely slowly. Anyone ho...

Published: Feb 26, 2026

CVE-2026-25739 MEDIUM 5.4

This CVE describes a cross-site scripting (XSS) vulnerability in Indico event management system versions prior to 3.3.10. Attackers can inject malicious scripts by uploading certain file types as mate...

Published: Feb 19, 2026

CVE-2026-2145 LOW 3.5

This vulnerability allows attackers to inject malicious scripts via the nginxDir parameter in the nginxWebUI web management interface. When exploited, it enables cross-site scripting attacks that can ...

Published: Feb 8, 2026

CVE-2025-15566 HIGH 8.8

This CVE allows attackers to inject malicious configuration into ingress-nginx via the auth-proxy-set-headers annotation, potentially leading to arbitrary code execution and disclosure of Kubernetes S...

Published: Feb 6, 2026

CVE-2026-1642 MEDIUM 5.9

A vulnerability in NGINX OSS and NGINX Plus allows attackers in a man-in-the-middle position on the upstream server side to inject plain text data into responses from proxied TLS servers. This affects...

Published: Feb 4, 2026

CVE-2026-24513 LOW 3.1

This CVE describes an authentication bypass vulnerability in ingress-nginx when using custom error backends. If administrators configure a defective custom error backend that doesn't respect the X-Cod...

Published: Feb 3, 2026

CVE-2026-24514 MEDIUM 6.5

This CVE describes a denial-of-service vulnerability in ingress-nginx's validating admission controller. Attackers can send large requests to exhaust memory, potentially causing the controller pod to ...

Published: Feb 3, 2026

CVE-2026-1580 HIGH 8.8

This vulnerability in ingress-nginx allows attackers to inject malicious configuration via the auth-method annotation, leading to arbitrary code execution within the controller pod. This could result ...

Published: Feb 3, 2026

CVE-2026-24512 HIGH 8.8

This CVE describes a configuration injection vulnerability in ingress-nginx where attackers can inject malicious nginx configuration through the `rules.http.paths.path` field. This allows arbitrary co...

Published: Feb 3, 2026

CVE-2026-23837 CRITICAL 9.8

CVE-2026-23837 is an authentication bypass vulnerability in MyTube that allows unauthenticated attackers to access protected administrative functions. All users running MyTube with loginEnabled: true ...

Published: Jan 19, 2026

CVE-2026-23838

Tandoor Recipes' default NixOS configuration exposes the SQLite database file externally when using SQLite with default MEDIA_ROOT settings. This allows unauthenticated attackers to download the entir...

Published: Jan 19, 2026

CVE-2026-22265 HIGH 7.5

CVE-2026-22265 is a command injection vulnerability in Roxy-WI web interface versions prior to 8.2.8.2 that allows authenticated users to execute arbitrary system commands through the log viewing func...

Published: Jan 15, 2026

CVE-2025-62126 MEDIUM 5.3

This vulnerability in the Varnish/Nginx Proxy Caching WordPress plugin allows attackers to retrieve sensitive information embedded in cached data. It affects all WordPress sites using this plugin up t...

Published: Dec 31, 2025

CVE-2025-14727 HIGH 8.3

A vulnerability in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation allows path traversal attacks. This affects Kubernetes clusters using NGINX Ingress Controller with the vul...

Published: Dec 17, 2025

CVE-2025-67731

Servify Express versions before 1.2 have a denial-of-service vulnerability where attackers can send extremely large JSON request bodies, causing excessive memory usage, degraded performance, or proces...

Published: Dec 12, 2025

CVE-2025-66491 MEDIUM 5.9

Traefik versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to 'on' (intending to enable backend TL...

Published: Dec 9, 2025

CVE-2025-66577 MEDIUM 5.3

This vulnerability in cpp-httplib allows attackers to spoof client IP addresses by sending malicious X-Forwarded-For or X-Real-IP headers. This can poison server logs, evade audit trails, and potentia...

Published: Dec 5, 2025

CVE-2025-66570 CRITICAL 10.0

This vulnerability in cpp-httplib allows attackers to inject HTTP headers (REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT) that shadow server-generated metadata. This enables IP spoofing, log poison...

Published: Dec 5, 2025

CVE-2025-11379 MEDIUM 5.3

The WebP Express WordPress plugin exposes configuration data through predictable config file names on NGINX servers. Unauthenticated attackers can access sensitive configuration information. All WordP...

Published: Dec 4, 2025

CVE-2025-13516 HIGH 8.1

The SureMail WordPress plugin allows unauthenticated attackers to upload malicious PHP files through public forms that email attachments, leading to remote code execution. This affects WordPress sites...

Published: Dec 2, 2025

CVE-2025-66206 MEDIUM 6.8

This CVE describes a path traversal vulnerability in Frappe web framework that allows attackers to retrieve arbitrary files from the server if the full path is known. It affects direct deployments usi...

Published: Dec 1, 2025

CVE-2025-10579 MEDIUM 5.3

The BackWPup WordPress plugin up to version 5.5.0 has an authorization vulnerability where authenticated users with Subscriber-level access or higher can retrieve backup filenames during backup operat...

Published: Oct 25, 2025

CVE-2025-12014 MEDIUM 4.3

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify the NGINX Cache Optimizer plugin's blacklist settings without proper authorization. Attackers c...

Published: Oct 24, 2025

CVE-2025-58474 MEDIUM 5.3

This vulnerability affects BIG-IP Advanced WAF with SSRF protection or NGINX with App Protect Bot Defense, where undisclosed requests can disrupt new client connections. It causes denial of service by...

Published: Oct 15, 2025

CVE-2025-61925 MEDIUM 6.5

Astro web framework versions before 5.14.2 reflect unvalidated X-Forwarded-Host header values in Astro.url output, allowing attackers to manipulate URLs used for canonical links, login forms, or other...

Published: Oct 10, 2025

CVE-2025-61780 MEDIUM 5.8

This vulnerability allows attackers to bypass proxy-level access restrictions in Rack applications using Rack::Sendfile with certain proxy configurations. By sending crafted x-sendfile-type and x-acce...

Published: Oct 10, 2025

CVE-2025-61772 HIGH 7.5

This vulnerability in Rack's multipart parser allows remote attackers to cause denial of service by sending incomplete multipart headers that trigger unbounded memory accumulation. All Ruby web applic...

Published: Oct 7, 2025

CVE-2025-59951 CRITICAL 9.1

A critical authentication bypass vulnerability in Termix versions 1.5.0 and below allows unauthenticated attackers to access the /ssh/db/host/internal endpoint, exposing stored SSH host information in...

Published: Oct 1, 2025

CVE-2025-34203 CRITICAL 9.8

Vasion Print (formerly PrinterLogic) contains outdated, end-of-life third-party components across multiple Docker containers, creating a large attack surface. Attackers can chain vulnerabilities in th...

Published: Sep 19, 2025

CVE-2023-53382 MEDIUM 5.5

A NULL pointer dereference vulnerability in the Linux kernel's SMC (Shared Memory Communications) subsystem allows local attackers to cause a kernel panic and system crash. This affects systems using ...

Published: Sep 18, 2025

CVE-2025-58362 HIGH 7.5

This vulnerability in Hono web framework versions 4.8.0 through 4.9.5 allows path confusion attacks that could bypass proxy-level access controls like Nginx location blocks. Attackers could potentiall...

Published: Sep 5, 2025

CVE-2025-58048 CRITICAL 9.9

This vulnerability allows authenticated users in Paymenter webshop software to upload arbitrary files through ticket attachments. Attackers can exploit this to extract sensitive data, read credentials...

Published: Aug 28, 2025

CVE-2025-55740 MEDIUM 6.5

This CVE describes a configuration vulnerability in nginx-defender where default administrative credentials are present in example configuration files. Attackers with network access can use these defa...

Published: Aug 19, 2025

CVE-2025-50579 MEDIUM 5.3

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data like JWT tokens due to improper Origin header validation. Attackers can intercept tokens usi...

Published: Aug 19, 2025

CVE-2025-5961 HIGH 7.2

The WPvivid Backup & Migration WordPress plugin allows authenticated administrators to upload arbitrary files due to missing file type validation. This vulnerability can lead to remote code execution ...

Published: Jul 3, 2025

CVE-2025-52891 MEDIUM 6.5

This vulnerability in ModSecurity causes a segmentation fault when processing XML requests containing empty tags, leading to denial of service. It affects ModSecurity installations with SecParseXmlInt...

Published: Jul 2, 2025

CVE-2024-47056 MEDIUM 5.1

This vulnerability allows unauthenticated attackers to directly access Mautic's .env configuration files via web browser, exposing sensitive information like database credentials and API keys. It affe...

Published: May 28, 2025

CVE-2025-47942 MEDIUM 5.3

The Open edX Platform allows unauthorized users to download python_lib.zip files from courses, which may contain custom grading code or answers to course problems. This affects any Open edX deployment...

Published: May 21, 2025

CVE-2025-47947 HIGH 7.5

ModSecurity versions up to 2.9.8 are vulnerable to a denial-of-service attack when processing JSON payloads with specific rule configurations. Attackers can crash the WAF by sending specially crafted ...

Published: May 21, 2025

CVE-2025-46727 HIGH 7.5

This vulnerability in Rack's query parser allows attackers to send HTTP requests with extremely large numbers of parameters, causing memory exhaustion and CPU resource consumption. This leads to denia...

Published: May 7, 2025

CVE-2023-53110 MEDIUM 5.5

A race condition vulnerability in the Linux kernel's SMC-R (Shared Memory Communications over RDMA) implementation allows a NULL pointer dereference when terminating network connections under stress c...

Published: May 2, 2025

CVE-2025-2787 HIGH 8.8

This vulnerability in KNIME Business Hub's ingress-nginx component allows authenticated attackers to potentially execute arbitrary code within the Kubernetes cluster. It affects all KNIME Business Hub...

Published: Mar 26, 2025

CVE-2025-24514 HIGH 8.8

This vulnerability allows attackers to inject malicious configuration into ingress-nginx via the auth-url annotation, leading to arbitrary code execution within the controller pod. It affects all Kube...

Published: Mar 25, 2025

CVE-2025-1098 HIGH 8.8

This vulnerability in ingress-nginx allows attackers to inject arbitrary nginx configuration via the 'mirror-target' and 'mirror-host' annotations, potentially leading to remote code execution and dis...

Published: Mar 25, 2025

CVE-2025-1974 CRITICAL 9.8

CVE-2025-1974 is a critical vulnerability in Kubernetes' ingress-nginx controller that allows unauthenticated attackers on the pod network to execute arbitrary code with the controller's privileges. T...

Published: Mar 25, 2025

CVE-2025-24513 MEDIUM 4.8

A directory traversal vulnerability in ingress-nginx's Admission Controller allows attackers to manipulate filenames to access files outside intended directories. This affects Kubernetes clusters usin...

Published: Mar 25, 2025

CVE-2025-1097 HIGH 8.8

CVE-2025-1097 is a critical vulnerability in ingress-nginx where the auth-tls-match-cn annotation can be exploited to inject malicious configuration into nginx, potentially leading to arbitrary code e...

Published: Mar 25, 2025

CVE-2025-1695 MEDIUM 5.3

This vulnerability in NGINX Unit with the Java Language Module allows remote attackers to send specific requests that trigger an infinite loop, causing high CPU usage and potential denial-of-service. ...

Published: Mar 4, 2025

CVE-2022-49698 HIGH 7.8

This CVE addresses a race condition in the Linux kernel's netfilter subsystem where using prandom in preemptible contexts could cause kernel bugs. The vulnerability affects Linux systems using nftable...

Published: Feb 26, 2025

CVE-2025-23419 MEDIUM 4.3

This CVE describes a client certificate authentication bypass vulnerability in nginx when multiple server blocks share the same IP/port. Attackers can exploit TLS session resumption to bypass client c...

Published: Feb 5, 2025

CVE-2025-23001 MEDIUM 6.1

A Host header injection vulnerability in CTFd 3.7.5 allows attackers to manipulate the Host header in HTTP requests. This can lead to phishing attacks, password reset hijacking, or cache poisoning. Af...

Published: Jan 31, 2025

CVE-2024-56236 MEDIUM 4.3

This CVE describes a Missing Authorization vulnerability in the Hestia Nginx Cache WordPress plugin that allows attackers to exploit incorrectly configured access control security levels. Attackers ca...

Published: Jan 2, 2025

CVE-2024-53991 HIGH 7.5

This vulnerability allows attackers to download Discourse backup files through nginx misconfiguration when using local storage. Only Discourse instances configured with FileStore::LocalStore for uploa...

Published: Dec 19, 2024

CVE-2024-10590 HIGH 8.8

The Opt-In Downloads WordPress plugin allows authenticated attackers with Subscriber-level access or higher to upload arbitrary files due to missing file type validation. This vulnerability can lead t...

Published: Dec 12, 2024

CVE-2024-10318 MEDIUM 5.4

A session fixation vulnerability in NGINX OpenID Connect reference implementation allows attackers to bind a victim's session to an attacker-controlled account by exploiting missing nonce validation d...

Published: Nov 6, 2024

CVE-2024-49366 HIGH 7.5

Nginx UI v2.0.0-beta.35 and earlier contains a path traversal vulnerability that allows attackers to write arbitrary files to the server by manipulating JSON input with '../../' sequences. This can le...

Published: Oct 21, 2024

CVE-2024-49368 CRITICAL 9.8

CVE-2024-49368 is a critical command injection vulnerability in Nginx UI that allows attackers to execute arbitrary commands on the server. This affects all Nginx UI installations prior to version 2.0...

Published: Oct 21, 2024

CVE-2024-46256 CRITICAL 9.8

This CVE describes a command injection vulnerability in NginxProxyManager's Let's Encrypt certificate request function. An attacker can execute arbitrary commands on the server with the privileges of ...

Published: Sep 27, 2024

CVE-2024-45614 MEDIUM 5.4

This vulnerability in Puma web server allows clients to override proxy-set headers like X-Forwarded-For by sending underscore versions (X-Forwarded_For). This affects any users relying on proxy header...

Published: Sep 19, 2024

CVE-2024-7646 HIGH 8.8

This vulnerability allows attackers with permission to create Ingress objects to bypass annotation validation and execute arbitrary commands, potentially compromising the ingress-nginx controller cred...

Published: Aug 16, 2024

CVE-2024-7347 MEDIUM 4.7

This vulnerability in NGINX's ngx_http_mp4_module allows attackers to cause memory over-read and worker process termination by uploading specially crafted MP4 files. Only NGINX installations built wit...

Published: Aug 14, 2024

CVE-2024-41668 HIGH 8.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in cBioPortal's proxy endpoint. Unauthenticated attackers can exploit publicly exposed instances, while authenticated users can ex...

Published: Jul 23, 2024

CVE-2024-39935 HIGH 8.8

CVE-2024-39935 is an OS command injection vulnerability in jc21 NGINX Proxy Manager that allows authenticated users with certificate management privileges to execute arbitrary commands on the host sys...

Published: Jul 4, 2024

CVE-2022-48751 MEDIUM 4.7

A race condition vulnerability in the Linux kernel's SMC (Shared Memory Communications) subsystem allows NULL pointer dereference when accessing a released socket. This can cause kernel crashes (denia...

Published: Jun 20, 2024

CVE-2024-32760 MEDIUM 6.5

This vulnerability in NGINX Plus and NGINX OSS allows attackers to cause denial of service by sending specially crafted HTTP/3 requests when the QUIC module is enabled. The worker processes may termin...

Published: May 29, 2024

CVE-2024-35200 MEDIUM 5.3

This vulnerability allows attackers to cause denial of service by sending specially crafted HTTP/3 requests to NGINX servers configured with the QUIC module. When exploited, NGINX worker processes ter...

Published: May 29, 2024

CVE-2023-39481 HIGH 8.8

This vulnerability allows authenticated remote attackers to execute arbitrary code as root on Softing Secure Integration Server installations. The flaw stems from an inconsistency in URI parsing betwe...

Published: May 3, 2024

CVE-2024-3738 HIGH 7.3

This critical vulnerability in cym1102 nginxWebUI allows remote attackers to bypass certificate validation through manipulation of the nginxPath parameter in the handlePath function. This could lead t...

Published: Apr 13, 2024

CVE-2024-28101 HIGH 7.5

The Apollo Router versions 0.9.5 through 1.40.1 have a DoS vulnerability where highly compressed HTTP payloads cause excessive memory consumption during decompression before size limits are enforced. ...

Published: Mar 21, 2024

CVE-2024-24989 HIGH 7.5

This vulnerability allows attackers to cause denial of service by sending specially crafted requests to NGINX servers with HTTP/3 QUIC module enabled. It affects NGINX Plus and NGINX OSS when configur...

Published: Feb 14, 2024

CVE-2024-23828 HIGH 8.8

This vulnerability allows authenticated attackers to execute arbitrary commands on Nginx-UI servers via CRLF injection when modifying test_config_cmd or start_cmd parameters. It affects all Nginx-UI i...

Published: Jan 29, 2024

CVE-2024-23827 CRITICAL 9.8

CVE-2024-23827 is a critical path traversal vulnerability in Nginx-UI's Import Certificate feature that allows attackers to write arbitrary files to the system. This can lead to remote code execution ...

Published: Jan 29, 2024

CVE-2023-50919 CRITICAL 9.8

This CVE describes an NGINX authentication bypass vulnerability in GL.iNet router firmware that allows unauthenticated attackers to execute arbitrary commands. The flaw exists in Lua string pattern ma...

Published: Jan 12, 2024

CVE-2024-22196 HIGH 7.0

CVE-2024-22196 is a SQL injection vulnerability in Nginx-UI where user-controlled 'order' and 'sort_by' query parameters are appended to SQL queries without sanitization. This allows attackers to exec...

Published: Jan 11, 2024

CVE-2024-22197 HIGH 7.7

This vulnerability in nginx-ui allows authenticated users to modify critical nginx configuration commands via API endpoints that should be restricted, potentially leading to remote code execution, pri...

Published: Jan 11, 2024

CVE-2023-5043 HIGH 7.6

This CVE allows attackers to inject malicious annotations into Ingress nginx configurations, leading to arbitrary command execution on the host system. It affects Kubernetes clusters using ingress-ngi...

Published: Oct 25, 2023

CVE-2022-4886 HIGH 8.8

This vulnerability allows attackers to bypass path sanitization in ingress-nginx by using the log_format directive, potentially enabling path traversal attacks. It affects Kubernetes ingress-nginx dep...

Published: Oct 25, 2023

CVE-2023-44388 HIGH 7.5

CVE-2023-44388 is a denial-of-service vulnerability in Discourse where malicious requests can rapidly fill production log files, causing servers to run out of disk space. This affects all Discourse ad...

Published: Oct 16, 2023

CVE-2023-45132 CRITICAL 9.1

This vulnerability allows attackers to bypass NAXSI web application firewall protection when malicious X-Forwarded-For headers match IgnoreIP or IgnoreCIDR rules. It affects NAXSI WAF installations ru...

Published: Oct 11, 2023

CVE-2023-42457 HIGH 7.5

This CVE describes a denial-of-service vulnerability in plone.rest where repeated use of the `++api++` traverser in URLs causes increasing processing time, making the server less responsive. It affect...

Published: Sep 21, 2023

CVE-2020-21699 HIGH 7.5

CVE-2020-21699 is an integer overflow vulnerability in Tengine's range filter module that allows attackers to leak potentially sensitive information from web servers. The vulnerability affects Tengine...

Published: Aug 22, 2023

CVE-2023-4334 HIGH 7.5

The Broadcom RAID Controller Web server (nginx) exposes private files without requiring authentication. This vulnerability allows unauthorized users to access sensitive system files. Organizations usi...

Published: Aug 15, 2023

CVE-2023-28656 HIGH 8.1

CVE-2023-28656 is an authorization bypass vulnerability in NGINX Management Suite that allows authenticated users to access configuration objects outside their assigned environment boundaries. This af...

Published: May 3, 2023

CVE-2023-27728 HIGH 7.5

This vulnerability in Nginx NJS v0.7.10 allows attackers to trigger a segmentation violation via the njs_dump_is_recursive function, potentially causing denial of service or arbitrary code execution. ...

Published: Apr 9, 2023

CVE-2023-27730 HIGH 7.5

CVE-2023-27730 is a memory corruption vulnerability in Nginx NJS JavaScript engine that can cause segmentation faults via the njs_lvlhsh_find function. This affects systems running Nginx with NJS modu...

Published: Apr 9, 2023

CVE-2023-27224 CRITICAL 9.8

CVE-2023-27224 is a command injection vulnerability in Nginx Proxy Manager v2.9.19 that allows attackers to execute arbitrary code via malicious Lua scripts in configuration files. This affects all us...

Published: Mar 22, 2023

CVE-2023-25803 HIGH 7.5

CVE-2023-25803 is a directory traversal vulnerability in Roxy-WI web interface that allows attackers to read arbitrary server-side files. This affects all Roxy-WI installations prior to version 6.3.5....

Published: Mar 13, 2023

CVE-2022-34028 HIGH 7.5

CVE-2022-34028 is a segmentation fault vulnerability in Nginx NJS JavaScript engine that occurs when processing malformed UTF-8 sequences. This vulnerability could allow attackers to crash Nginx proce...

Published: Jul 18, 2022

CVE-2022-34029 CRITICAL 9.1

CVE-2022-34029 is an out-of-bounds read vulnerability in Nginx NJS (JavaScript engine) that could allow attackers to read sensitive memory contents or cause denial of service. This affects systems run...

Published: Jul 18, 2022

CVE-2022-34031 HIGH 7.5

CVE-2022-34031 is a segmentation violation vulnerability in Nginx NJS JavaScript engine that could allow attackers to crash the Nginx process or potentially execute arbitrary code. This affects system...

Published: Jul 18, 2022

CVE-2022-31161 CRITICAL 10.0

CVE-2022-31161 is a critical remote code execution vulnerability in Roxy-WI web interface versions prior to 6.1.1.0. It allows unauthenticated attackers to execute arbitrary system commands via the su...

Published: Jul 15, 2022

CVE-2022-31137 CRITICAL 10.0

CVE-2022-31137 is a critical remote code execution vulnerability in Roxy-WI web interface that allows unauthenticated attackers to execute arbitrary system commands. The vulnerability exists in the su...

Published: Jul 8, 2022

CVE-2022-31125 CRITICAL 10.0

CVE-2022-31125 is an authentication bypass vulnerability in Roxy-WI web interface that allows unauthenticated remote attackers to access administrative functionality. This affects all Roxy-WI installa...

Published: Jul 6, 2022

CVE-2022-31081 HIGH 7.3

CVE-2022-31081 is an HTTP request smuggling vulnerability in HTTP::Daemon Perl library versions before 6.15. It allows attackers to bypass security controls, poison caches, or gain unauthorized API ac...

Published: Jun 27, 2022

CVE-2022-29169 HIGH 7.5

BigBlueButton web conferencing systems are vulnerable to regular expression denial of service (ReDoS) attacks through malicious User-Agent headers. Attackers can send specially crafted requests contai...

Published: Jun 1, 2022

CVE-2022-29379 CRITICAL 9.8

This CVE describes a stack overflow vulnerability in Nginx NJS module loader that could allow remote code execution or denial of service. However, multiple sources dispute this affects released versio...

Published: May 25, 2022

CVE-2022-29588 HIGH 7.5

Konica Minolta bizhub MFP devices store administrative passwords in cleartext files, allowing attackers with local access to read sensitive credentials. This affects all Konica Minolta bizhub MFP devi...

Published: May 16, 2022

CVE-2022-29369 HIGH 7.5

CVE-2022-29369 is a segmentation fault vulnerability in Nginx NJS (JavaScript engine) that can cause denial of service or potentially allow arbitrary code execution. It affects systems running Nginx w...

Published: May 12, 2022

CVE-2021-25745 HIGH 7.6

CVE-2021-25745 is a vulnerability in ingress-nginx where users with permissions to create or update Ingress objects can exploit the path field to obtain the controller's credentials. These credentials...

Published: May 6, 2022