Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29944

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui...

9.9CVSS5.9AI score0.0028EPSS
Exploits1References4
CVE
CVE
added 2026/03/30 5:58 p.m.26 views

CVE-2026-33030

CVE-2026-33030 affects nginx-ui up to version 2.3.3. An Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to access, modify, or delete resources owned by other users due to lack of user ownership checks in the base model and endpoints. Some sources (GHSA/OSV) add...

9.9CVSS5.9AI score0.0028EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/30 5:58 p.m.21 views

CVE-2026-33030 Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

8.8CVSS0.0028EPSS
Exploits1References1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/30 12:0 a.m.11 views

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without verifyin...

9.9CVSS5.9AI score0.0028EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder