Lucene search
+L

117 matches found

vulnrichment
vulnrichment
added 2025/08/19 12:0 a.m.10 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

7AI score0.00356EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/08/19 12:0 a.m.12 views

PT-2025-33735 · Unknown · Nginx Proxy Manager

Name of the Vulnerable Software and Affected Versions: Nginx Proxy Manager version 2.12.3 Description: A Cross-Origin Resource Sharing CORS misconfiguration allows unauthorized domains to access sensitive data, specifically JSON Web Tokens JWT, due to improper validation of the Origin header. Thi...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References7
osv
osv
added 2025/08/19 12:0 a.m.4 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

5.3CVSS6.8AI score0.00356EPSS
Exploits0References4
cve
cve
added 2025/08/19 12:0 a.m.28 views

CVE-2025-50579

CVE-2025-50579 affects Nginx Proxy Manager v2.12.3, where a CORS misconfiguration allows unauthorized domains to access sensitive data (JWT tokens) due to improper Origin header validation. Attack possible via a simple browser script to exfiltrate tokens to a remote server, potentially enabling u...

5.3CVSS7AI score0.00356EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2025/08/19 12:0 a.m.56 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

0.00356EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/08/19 12:0 a.m.15 views

Nginx Proxy Manager 安全漏洞

Nginx Proxy Manager is a Docker container for Nginx Proxy Manager open source. It is used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager version v2.12.3, which stems from an improperly configured CORS and could lead to a...

5.3CVSS6.7AI score0.00356EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 2:35 a.m.11 views

CVE-2023-23596

jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...

8.8CVSS7.8AI score0.15198EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 2:25 a.m.7 views

CVE-2023-27224

An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...

9.8CVSS7.8AI score0.01218EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 10:41 p.m.16 views

CVE-2022-28379

jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...

6.8CVSS6.1AI score0.71209EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:28 a.m.11 views

CVE-2019-15517

jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal...

5.5CVSS7AI score0.00725EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/04/26 6:19 a.m.5 views

CVE-2025-29452

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component...

7.6CVSS6.5AI score0.00377EPSS
Exploits1References1
nvd
nvd
added 2025/04/17 9:15 p.m.15 views

CVE-2025-29452

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component...

7.6CVSS0.00377EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/04/17 12:0 a.m.7 views

CVE-2025-29452

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component...

7.2AI score0.00377EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/04/17 12:0 a.m.4 views

Seo Panel 安全漏洞

Seo Panel is a free search engine optimization software from Seo Panel Open Source. A security vulnerability exists in Seo Panel version 4.11.0, which stems from mishandling of the Proxy Manager component and could allow a remote attacker to obtain sensitive information...

7.6CVSS6.5AI score0.00377EPSS
Exploits1References1
cve
cve
added 2025/04/17 12:0 a.m.70 views

CVE-2025-29452

CVE-2025-29452 affects Seo Panel 4.11.0 with a vulnerability in the Proxy Manager component that allows a remote attacker to obtain sensitive information. The issue is confirmed across multiple feeds (including Red Hat, OSV, NVD entries) and has a CVSSv3.1 base score of 7.6 ( HIGH, NETWORK attack...

7.6CVSS6.1AI score0.00377EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2025/04/17 12:0 a.m.4 views

PT-2025-17234 · Seo Panel · Seo Panel

Name of the Vulnerable Software and Affected Versions: Seo Panel version 4.11.0 Description: An issue in the Proxy Manager component allows a remote attacker to obtain sensitive information. Recommendations: For Seo Panel version 4.11.0, at the moment, there is no information about a newer versio...

7.6CVSS6AI score0.00377EPSS
Exploits1References7
cvelist
cvelist
added 2025/04/17 12:0 a.m.19 views

CVE-2025-29452

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component...

0.00377EPSS
Exploits1References1
osv
osv
added 2025/04/17 12:0 a.m.7 views

CVE-2025-29452

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component...

7.6CVSS6.3AI score0.00377EPSS
Exploits1References3
amazon
amazon
added 2024/10/16 12:0 a.m.5 views

Medium: python-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possib...

6.5CVSS7AI score0.01141EPSS
Exploits1
bdu_fstec
bdu_fstec
added 2024/10/03 12:0 a.m.8 views

The vulnerability of the `requestLetsEncryptSslWithDnsChallenge` function in the NGINX Proxy Manager proxy server allows a attacker to execute arbitrary code.

The vulnerability of the requestLetsEncryptSslWithDnsChallenge function in the NGINX Proxy Manager proxy server is related to the lack of data cleansing measures at the management level. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...

10CVSS7.4AI score0.01335EPSS
Exploits3References6Affected Software1
Rows per page
Query Builder