Lucene search
K

111 matches found

Nuclei
Nuclei
added 15 hours ago17 views

WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure

Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...

5.3CVSS5.9AI score0.00659EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 5:47 a.m.3 views

BIT-NGINX-GATEWAY-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.3AI score0.02838EPSS
Exploits1References6
CVE
CVE
added 2026/06/17 8:4 p.m.81 views

CVE-2026-50107

CVE-2026-50107 : Affects NGINX Plus or NGINX Open Source used as the data plane for NGINX Gateway Fabric. The vulnerability lies in the configuration generator component: user-supplied values from the NginxProxy CRD access log format setting are rendered directly into NGINX configuration template...

8.6CVSS5.7AI score0.00492EPSS
Exploits0References1Affected Software1
F5 Networks
F5 Networks
added 2026/06/17 7:46 p.m.14 views

K000161785: NGINX Gateway Fabric vulnerability CVE-2026-50107

Security Advisory Description When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource...

8.6CVSS5.5AI score0.00492EPSS
Exploits0Affected Software1
Debian CVE
Debian CVE
added 2026/06/17 2:4 p.m.8 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6AI score0.02838EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.27 views

PT-2026-50438

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source versions prior to 1.31.2-1.1 Description An issue exists in the ngx http proxy v2 module and ngx http grpc module modules. The problem occurs when the proxy http version is set to 2 ...

9.2CVSS7AI score0.02838EPSS
Exploits1References63
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36790

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

5.2AI score0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.18 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

6.5CVSS0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.32 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49333

Name of the Vulnerable Software and Affected Versions Nginx Proxy Manager version 2.14.0 Description Incorrect access control in the "Let's Encrypt" certificate download endpoint allows authenticated attackers to obtain TLS private key material by sending a crafted GET request. Recommendations At...

6.5CVSS5.9AI score0.00171EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 a.m.7 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

5.2AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 a.m.14 views

CVE-2026-50892

CVE-2026-50892 affects Nginx Proxy Manager v2.14.0. The root cause is improper access control on the Let’s Encrypt certificate download endpoint, allowing authenticated attackers to obtain TLS private key material via a crafted GET request. The impact is limited to confidentiality, with the CVSS ...

6.5CVSS5.3AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 8:17 p.m.21 views

CVE-2026-40519

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS0.00921EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 7:28 p.m.15 views

EUVD-2026-35196

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 7:28 p.m.85 views

CVE-2026-40519

Nginx Proxy Manager versions 2.9.14–2.15.1 are affected by an authenticated remote code execution via OS command injection in backend/setup.js (setupCertbotPlugins). The user-controlled dns_provider_credentials field is interpolated directly into a shell command executed with child_process.exec()...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:28 p.m.7 views

CVE-2026-40519

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/08 7:28 p.m.49 views

CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS0.00921EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/08 7:28 p.m.14 views

CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

Nginx Proxy Manager 操作系统命令注入漏洞

Nginx Proxy Manager is an open-source Docker container developed by Nginx Proxy Manager. It is used to manage Nginx proxy hosts through a simple and powerful interface. Version 2.9.14 to 2.15.1 of Nginx Proxy Manager has a vulnerability related to operating system command injection. This...

7.7CVSS5.9AI score0.00921EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47446

Name of the Vulnerable Software and Affected Versions Nginx Proxy Manager versions 2.9.14 through 2.15.1 Description An authenticated remote code execution issue exists via OS command injection in the setupCertbotPlugins function located in backend/setup.js. Attackers with certificates:manage...

7.7CVSS6.6AI score0.00921EPSS
Exploits0References5
Rows per page
Query Builder