6254 matches found

Chainguard
added 2025/02/25 1:11 p.m., 10 views

GHSA-M46H-9PV9-W5XP vulnerabilities

Vulnerabilities for packages: nginx-mainline...

AI score 5.8
Exploits: 0

Chainguard
added 2025/02/25 1:11 p.m., 41 views

GHSA-38GR-CJJP-3F5W vulnerabilities

Vulnerabilities for packages: nginx-mainline...

AI score 5.8
Exploits: 0

OpenVAS
added 2025/02/25 12:00 a.m., 12 views

Ubuntu: Security Advisory (USN-7285-1)

The remote host is missing an update for the...

CVSS 5.3, AI score 6, EPSS 0.02557
Exploits: 0, References: 3

RedhatCVE
added 2025/02/24 1:29 p.m., 11 views

CVE-2024-13869

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...

CVSS 7.2, AI score 7.7, EPSS 0.01953
Exploits: 2, References: 1

Ubuntu
added 2025/02/24 11:00 a.m., 93 views

USN-7285-1: nginx vulnerability

It was discovered that nginx incorrectly handled the case where multiple server blocks are configured to share the same IP address and port. An attacker could use this issue to bypass client certificate authentication requirements on these servers through session resumption. This issue only affected Ubuntu...

CVSS 5.3, AI score 5.7, EPSS 0.02557
Exploits: 0, References: 1

OSV
added 2025/02/24 11:00 a.m., 1 view

USN-7285-1 nginx vulnerability

It was discovered that nginx incorrectly handled the case where multiple server blocks are configured to share the same IP address and port. An attacker could use this issue to bypass client certificate authentication requirements on these servers through session resumption. This issue only affected Ubuntu...

CVSS 5.3, AI score 7.1, EPSS 0.02557
Exploits: 0, References: 3

Tenable Nessus
added 2025/02/24 12:00 a.m., 15 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.10 : nginx vulnerability (USN-7285-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7285-1 advisory. It was discovered that nginx incorrectly handled the case where multiple server blocks are configured to share the same IP address and port. An attacker...

CVSS 5.3, AI score 5.8, EPSS 0.02557
Exploits: 0, References: 2

OSV
added 2025/02/22 1:15 p.m., 1 view

CVE-2024-13869

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...

CVSS 7.2, AI score 7.9, EPSS 0.01953
Exploits: 2, References: 4

NVD
added 2025/02/22 1:15 p.m., 17 views

CVE-2024-13869

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...

CVSS 7.2, EPSS 0.01953
Exploits: 2, References: 4

Vulnrichment
added 2025/02/22 12:39 p.m., 16 views

CVE-2024-13869 Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...

CVSS 7.2, AI score 7.3, EPSS 0.01953
Exploits: 2, References: 4

CVE
added 2025/02/22 12:39 p.m., 70 views

CVE-2024-13869

CVE-2024-13869 affects Migration, Backup, Staging – WPvivid Backup & Migration for WordPress. Wordfence notes a vulnerability in the wpvivid_upload_file path that allows an authenticated attacker with Admin+ privileges to upload arbitrary files, enabling potential remote code execution. Versions ...

CVSS 7.2, AI score 7.3, EPSS 0.01953
Exploits: 2, References: 4, Affected Software: 1

Cvelist
added 2025/02/22 12:39 p.m., 16 views

CVE-2024-13869 Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...

CVSS 7.2, EPSS 0.01953
Exploits: 2, References: 4

EUVD
added 2025/02/22 12:39 p.m., 6 views

EUVD-2025-4422

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...

CVSS 7.2, AI score 8, EPSS 0.01953
Exploits: 2, References: 6

RedhatCVE
added 2025/02/21 6:16 a.m., 6 views

CVE-2025-23001

A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning. NOTE: the Supplier's...

CVSS 6.1, AI score 7, EPSS 0.00274
Exploits: 0, References: 1

Amazon
added 2025/02/21 12:00 a.m., 3 views

Medium: nginx

Issue Overview: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3, AI score 7.2, EPSS 0.02557
Exploits: 0

Amazon
added 2025/02/21 12:00 a.m., 4 views

Medium: nginx

Issue Overview: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3, AI score 7, EPSS 0.02557
Exploits: 0

Tenable Nessus
added 2025/02/21 12:00 a.m., 17 views

Azure Linux 3.0 Security Update: nginx (CVE-2025-23419)

The version of nginx installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23419 advisory. - When multiple server blocks are configured to share the same IP address and port, an attacker can use session...

CVSS 5.3, AI score 5.6, EPSS 0.02557
Exploits: 0, References: 2

CBLMariner
added 2025/02/19 4:08 p.m., 4 views

CVE-2025-23419 affecting package nginx for versions less than 1.25.4-3

CVE-2025-23419 affecting package nginx for versions less than 1.25.4-3. A patched version of the package is available...

CVSS 5.3, AI score 7, EPSS 0.02557
Exploits: 0

OpenVAS
added 2025/02/17 12:00 a.m., 9 views

Fedora: Security Advisory (FEDORA-2025-016ed44ddc)

The remote host is missing an update for the...

CVSS 5.3, AI score 6, EPSS 0.02557
Exploits: 0, References: 4

Tenable Nessus
added 2025/02/16 12:00 a.m., 11 views

CBL Mariner 2.0 Security Update: nginx (CVE-2025-23419)

The version of nginx installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23419 advisory. - When multiple server blocks are configured to share the same IP address and port, an attacker can use session...

CVSS 5.3, AI score 5.6, EPSS 0.02557
Exploits: 0, References: 2