6253 matches found
WordPress Nginx Cache Purge Preload plugin <= 2.1.1 - Authenticated (Administrator+) Remote Code Execution vulnerability
Authenticated (Administrator+) Remote Code Execution vulnerability discovered by cynau1t TianGong in WordPress Plugin Nginx Cache Purge Preload versions <= 2.1.1...
CLSA-2025-1752516250 nginx: Fix of CVE-2025-23419
CVE-2025-23419: fix issue allowing session resumption to bypass client certificate authentication when multiple server blocks share same IP/port...
Ubuntu 24.04 LTS : nginx vulnerability (USN-7285-2)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7285-2 advisory. USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding description...
Exploit for Out-of-bounds Write in F5 Nginx
Disclosures Zero-day and N-day security vulnerability notes, analysis, and proof-of-concepts URL: https://github.com/badd1e/Disclosures List CVE-2009-2629: nginx http module Buffer Underflow Remote Code Execution Vulnerability Patch analysis, testcase, notes CVE-2013-0007: Microsoft XML Core...
CVE-2025-5961
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers...
CVE-2025-5961 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers...
PT-2025-27805 · WordPress · Wpvivid Backup/Migration
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress versions up to, and including, 0.9.116 Description: The issue is related to arbitrary file uploads due to missing file type validation in the wpvivid upload import...
CVE-2025-52891 ModSecurity empty XML tag causes segmentation fault
ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...
Exploit for CVE-2025-1974
IngressNightmare: CVE-2025-1974 - Unauthenticated Remote Code...
Debian: Security Advisory (DLA-4228-1)
The remote host is missing an update for the Debian...
Debian dla-4228 : libnginx-mod-http-auth-pam - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4228 advisory. Debian LTS Advisory DLA-4228-1...
[SECURITY] [DLA 4228-1] nginx security update
Debian LTS Advisory DLA-4228-1 https://www.debian.org/lts/security/ Sylvain Beucler June 24, 2025 https://wiki.debian.org/LTS...
DLA-4228-1 nginx - security update
Bulletin has no description...
Advisory ROSA-SA-2025-2895
Software: nginx 1.20.1; OS: rosa-server79; packageevrstring: nginx-1.20.1-22.res7.2; CVE-ID: CVE-2021-3618; BDU-ID: 2022-00351; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...
📄 Ingress-NGINX 4.11.0 Remote Code Execution
Ingress-NGINX version 4.11.0 remote code execution exploit that sends a crafted AdmissionRequest to the vulnerable Ingress-NGINX webhook and loads shell.so to achieve code execution. Exploit Title: Ingress-NGINX 4.11.0 - Remote Code Execution (RCE); Google Dork: N/A; Date: 2025-06-19; Exploit Author:...
Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
Exploit Title: Ingress-NGINX 4.11.0 - Remote Code Execution (RCE); Google Dork: N/A; Date: 2025-06-19; Exploit Author: Likhith Appalaneni; Vendor Homepage: https://kubernetes.github.io/ingress-nginx/; Software Link: https://github.com/kubernetes/ingress-nginx; Version: ingress-nginx v4.11.0 on Kubernetes...
TencentOS Server 4: nginx (TSSA-2024:0615)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0615 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: nginx (TSSA-2024:0497)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0497 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Exploit for CVE-2025-24514
🔥 CVE-2025-24514 remote vulnerability check PoC. This script ... the CVE-2025-24514 vulnerability...
Malicious code in nginx-internal (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 5a0f4d116d3fd75c3c8061c91010e1f912625a9860c89e5af3d3c912296d06de Any computer that has this package installed or running should be considered...