117 matches found
CVE-2025-50579
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...
PT-2025-33735 · Unknown · Nginx Proxy Manager
Name of the Vulnerable Software and Affected Versions: Nginx Proxy Manager version 2.12.3 Description: A Cross-Origin Resource Sharing CORS misconfiguration allows unauthorized domains to access sensitive data, specifically JSON Web Tokens JWT, due to improper validation of the Origin header. Thi...
CVE-2025-50579
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...
CVE-2025-50579
CVE-2025-50579 affects Nginx Proxy Manager v2.12.3, where a CORS misconfiguration allows unauthorized domains to access sensitive data (JWT tokens) due to improper Origin header validation. Attack possible via a simple browser script to exfiltrate tokens to a remote server, potentially enabling u...
CVE-2025-50579
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...
Nginx Proxy Manager 安全漏洞
Nginx Proxy Manager is a Docker container for Nginx Proxy Manager open source. It is used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager version v2.12.3, which stems from an improperly configured CORS and could lead to a...
CVE-2023-23596
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...
CVE-2022-28379
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...
CVE-2019-15517
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal...
CVE-2025-29452
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component...
CVE-2025-29452
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component...
CVE-2025-29452
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component...
Seo Panel 安全漏洞
Seo Panel is a free search engine optimization software from Seo Panel Open Source. A security vulnerability exists in Seo Panel version 4.11.0, which stems from mishandling of the Proxy Manager component and could allow a remote attacker to obtain sensitive information...
CVE-2025-29452
CVE-2025-29452 affects Seo Panel 4.11.0 with a vulnerability in the Proxy Manager component that allows a remote attacker to obtain sensitive information. The issue is confirmed across multiple feeds (including Red Hat, OSV, NVD entries) and has a CVSSv3.1 base score of 7.6 ( HIGH, NETWORK attack...
PT-2025-17234 · Seo Panel · Seo Panel
Name of the Vulnerable Software and Affected Versions: Seo Panel version 4.11.0 Description: An issue in the Proxy Manager component allows a remote attacker to obtain sensitive information. Recommendations: For Seo Panel version 4.11.0, at the moment, there is no information about a newer versio...
CVE-2025-29452
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component...
CVE-2025-29452
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component...
Medium: python-urllib3
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possib...
The vulnerability of the `requestLetsEncryptSslWithDnsChallenge` function in the NGINX Proxy Manager proxy server allows a attacker to execute arbitrary code.
The vulnerability of the requestLetsEncryptSslWithDnsChallenge function in the NGINX Proxy Manager proxy server is related to the lack of data cleansing measures at the management level. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...