
6249 matches found

EUVD
•added 2025/12/07 6:30 a.m.•3 views

EUVD-2025-201594

A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...

CVSS 6.5, AI score 6.4, EPSS 0.01976
Exploits 0, References 8
Cvelist
•added 2025/12/07 4:32 a.m.•13 views

CVE-2025-14184 SGAI Space1 NAS N1211DS gsaiagent JSONAPI NGNIX_UPLOAD command injection

A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...

CVSS 6.5, EPSS 0.01976
Exploits 0, References 7
CVE
•added 2025/12/07 4:32 a.m.•13 views

CVE-2025-14184

CVE-2025-14184 affects SGAI Space1 NAS N1211DS (firmware up to 1.0.915). The gsaiagent component exposes a vulnerability in the /cgi-bin/JSONAPI handling of RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD that enables command injection. The issue can be triggered remotely; public disclosure of the exploit ...

CVSS 6.5, AI score 6.5, EPSS 0.01976
Exploits 0, References 7
Wolfi
•added 2025/12/04 7:47 p.m.•5 views

CVE-2025-61729 vulnerabilities

Vulnerabilities for packages: grafana-mimir, gitleaks, grafana, kube-rbac-proxy, kubelet-csr-approver, rancher-webhook, tfsec, pluto, spire-server, terraform-mcp-server, sigstore-scaffolding, frp, grafana-image-renderer, rancher-system-upgrade-controller, prometheus-alertmanager,...

CVSS 7.5, AI score 7.2, EPSS 0.00451
Exploits 2
Vulnrichment
•added 2025/12/04 4:29 a.m.•3 views

CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5.5, EPSS 0.00266
Exploits 0, References 3
CVE
•added 2025/12/04 4:29 a.m.•14 views

CVE-2025-11379

The CVE-2025-11379 entry refers to the WordPress WebP Express plugin being vulnerable to information exposure via config files in all versions up to 0.25.9. The root cause is described as the plugin not properly randomizing the config file name, allowing direct access on NGINX and enabling unauth...

CVSS 5.3, AI score 5.5, EPSS 0.00266
Exploits 0, References 3
Positive Technologies
•added 2025/12/04 12:00 a.m.•2 views

PT-2025-49003

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5.9, EPSS 0.00266
Exploits 0, References 3
OSV
•added 2025/12/03 11:44 a.m.•3 views

BIT-NGINX-GATEWAY-2025-53859 NGINX ngx_mail_smtp_module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

CVSS 6.3, AI score 6.8, EPSS 0.00371
Exploits 0, References 3
OSV
•added 2025/12/03 11:44 a.m.•3 views

BIT-NGINX-GATEWAY-2024-7347 NGINX MP4 module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directi...

CVSS 5.7, AI score 6.2, EPSS 0.0032
Exploits 0, References 4
OSV
•added 2025/12/03 11:44 a.m.•3 views

BIT-NGINX-GATEWAY-2024-35200 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...

CVSS 5.3, AI score 6.4, EPSS 0.00917
Exploits 0, References 5
OSV
•added 2025/12/03 11:44 a.m.•1 views

BIT-NGINX-GATEWAY-2024-34161 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

CVSS 5.3, AI score 6.2, EPSS 0.00867
Exploits 0, References 5
OSV
•added 2025/12/03 11:44 a.m.•1 views

BIT-NGINX-GATEWAY-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact...

CVSS 6.5, AI score 6.9, EPSS 0.00848
Exploits 0, References 5
OSV
•added 2025/12/03 11:44 a.m.•3 views

BIT-NGINX-GATEWAY-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS 7.5, AI score 7.6, EPSS 0.00914
Exploits 0, References 3
OSV
•added 2025/12/03 11:44 a.m.•5 views

BIT-NGINX-GATEWAY-2024-24989 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS 7.5, AI score 7.6, EPSS 0.01061
Exploits 0, References 3
OSV
•added 2025/12/03 11:44 a.m.•6 views

BIT-NGINX-GATEWAY-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

CVSS 7.7, AI score 7.9, EPSS 0.52838
Exploits 10, References 15
OSV
•added 2025/12/03 11:44 a.m.•4 views

BIT-NGINX-AGENT-2024-7634 NGINX Agent Vulnerability

NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory...

CVSS 6.9, AI score 5.2, EPSS 0.00471
Exploits 0, References 2
OSV
•added 2025/12/03 11:44 a.m.•4 views

BIT-NGINX-AGENT-2023-1550 NGINX Agent vulnerability CVE-2023-1550

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...

CVSS 5.5, AI score 6, EPSS 0.00218
Exploits 0, References 3
Tenable Nessus
•added 2025/11/24 12:00 a.m.•3 views

openSUSE 16 Security Update : certbot (openSUSE-SU-2025-20074-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025-20074-1 advisory. This update adds the certbot stack. Python modules: ConfigArgParse, acme, certbot, certbot-nginx, josepy, pyRFC3339. Tenable has extracted the preceding...

AI score 5.6
Exploits 0
Positive Technologies
•added 2025/11/20 12:00 a.m.•4 views

PT-2025-47576

🎯 Real scan results: 11 subdomains → 4m 35s ✅ Found nginx/1.18.0 🔓 Detected CVE-2021-4567 HIGH 🤖 AI provided patch + remediation All automatic. All local. All free. This is recon in 2025 👀 bugbountytips cve appsec...

AI score 6.9
Exploits 0, References 1
RedHat Linux
•added 2025/11/18 5:47 p.m.•11 views

Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5, AI score 6, EPSS 0.00443
Exploits 0, References 2