6573 matches found
CVE-2026-42533
A flaw was found in NGINX. An unauthenticated attacker can exploit this vulnerability by sending specially crafted HTTP requests when the map directive uses regular expression regex matching and references regex capture variables before referencing the map output variable. This can lead to a heap...
WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure
Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...
Nginx UI < 2.3.3 - Information Disclosure
Nginx UI 2.3.3 contains an information disclosure vulnerability caused by unauthenticated access to /api/backup endpoint exposing encryption keys in X-Backup-Security header, letting unauthenticated attackers download and decrypt full system backups. id: CVE-2026-27944 info: name: Nginx UI 2.3.3 ...
Nginx UI - Broken Access Control
Network attackers can fully control nginx service, including config modification and service restart, leading to complete service takeover. id: CVE-2026-33032 info: name: Nginx UI - Broken Access Control author: DhiyaneshDk severity: critical description: | Network attackers can fully control ngi...
Discourse Backup File Disclosure Via Default Nginx Configuration
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
nginx-1.31.3-1.1 on GA media (moderate)
nginx-1.31.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:11295-1 Rating: moderate Cross-References: CVE-2026-42533 CVE-2026-56434 CVE-2026-60005 CVSS scores: CVE-2026-42533 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-42533 SUSE : 9.2...
Ingress-Nginx Controller - Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
OPENSUSE-SU-2026:11295-1 nginx-1.31.3-1.1 on GA media
These are all security issues fixed in the nginx-1.31.3-1.1 package on the GA media of openSUSE Tumbleweed...
The vulnerability of the NGINX Plus and NGINX Open Source HTTP-server directives allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of the NGINX Plus and NGINX Open Source HTTP-server directives is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by sending a specially crafted HTTP request...
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
Xiaomi Mi WiFi R3G Routers - Local file Inclusion
Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. id: CVE-2019-18371...
UBUNTU-CVE-2026-60005
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpslicemodule module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX...
UBUNTU-CVE-2026-42533
A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...
Linux Distros Unpatched Vulnerability : CVE-2026-42533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture...
UBUNTU-CVE-2026-56434
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...
Linux Distros Unpatched Vulnerability : CVE-2026-56434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass,...
Linux Distros Unpatched Vulnerability : CVE-2026-60005
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpslicemodule module. When the slice directive and unnamed regex captures are configured or wh...
CVE-2026-60065
When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...