CVE-2024-39935

jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user with certificate management privileges via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5...

CVE-2021-41188

Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the .htaccess file will protect against...

CVE-2025-23776

Missing Authorization vulnerability in ekaterir Cache Sniper for Nginx snipe-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through = 1.0.4.2...

CVE-2022-31182

Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and...

CVE-2022-35925

BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their nginx.conf file that was...

CVE-2023-45132

NAXSI is an open-source maintenance web application firewall WAF for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious X-Forwarded-For IP matches IgnoreIP IgnoreCIDR rules. This old code was arranged to allow older NGINX...

CVE-2022-27007

nginx njs 0.7.2 is affected suffers from Use-after-free in njsfunctionframealloc when it try to invoke from a restored frame saved with njsfunctionframesave...

CVE-2019-12938

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njsfunctionnativecall in njs/njsfunction.c...

Nginx Sites Enumeration

Binary data nginxenumsites.nbin...

[SECURITY] Fedora 42 Update: nginx-mod-vts-0.2.4-4.fc42

Nginx virtual host traffic status module...

[SECURITY] Fedora 42 Update: nginx-mod-headers-more-0.39-4.fc42

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

[SECURITY] Fedora 42 Update: nginx-mod-modsecurity-1.0.4-5.fc42

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

[SECURITY] Fedora 42 Update: nginx-mod-naxsi-1.6-12.fc42

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

[SECURITY] Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-4.fc42

NGINX module for Brotli compression...

[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.5.2-13.fc42

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-4.fc43

Nginx virtual host traffic status module...

[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-12.fc43

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

[SECURITY] Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-4.fc43

NGINX module for Brotli compression...

[SECURITY] Fedora 43 Update: nginx-1.28.1-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...