Lucene search
+L

96 matches found

SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.4 views

SUSE CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS6.7AI score0.22162EPSS
Exploits13References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/19 12:0 a.m.115 views

VulnCheck KEV: CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS5.8AI score0.22162EPSS
In wildExploits13References38
GithubExploit
GithubExploit
added 2026/03/14 2:43 a.m.167 views

Exploit for Missing Encryption of Sensitive Data in Nginxui Nginx_Ui

CVE-2026-27944 POC: Nginx UI Unauthenticated Backup Download +...

9.8CVSS5.9AI score0.22162EPSS
Exploits13
Packet Storm
Packet Storm
added 2026/03/11 12:0 a.m.214 views

📄 Nginx UI 2.3.3 Unauthenticated Backup Disclosure / Decryption

This Python proof‑of‑concept demonstrates an unauthenticated information disclosure vulnerability in Nginx UI tracked as CVE-2026-27944. The vulnerability allows a remote attacker to access the /api/backup endpoint without authentication and retrieve a backup archive of the server configuration...

9.8CVSS5.8AI score0.22162EPSS
Exploits13
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.6 views

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS5.7AI score0.22162EPSS
Exploits13References1
NVD
NVD
added 2026/03/05 7:16 p.m.9 views

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS0.22162EPSS
Exploits13References1
Snyk
Snyk
added 2026/03/05 6:26 p.m.8 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the InitRouter handling of /backup. An attacker can gain access to sensitive backup archives and decrypt confidential data by sending unauthenticated requests to the /api/backup endpoint,...

9.8CVSS5.8AI score0.22162EPSS
Exploits13References2
Github Security Blog
Github Security Blog
added 2026/03/05 6:26 p.m.21 views

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

Summary The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...

9.8CVSS6AI score0.22162EPSS
Exploits13References6Affected Software1
EUVD
EUVD
added 2026/03/05 6:26 p.m.5 views

EUVD-2026-9847

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure...

9.8CVSS5.9AI score0.22162EPSS
Exploits13References4
OSV
OSV
added 2026/03/05 6:26 p.m.9 views

GHSA-G9W5-QFFC-6762 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

Summary The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...

9.8CVSS6AI score0.22162EPSS
Exploits13References6
Vulnrichment
Vulnrichment
added 2026/03/05 4:28 p.m.3 views

CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS5.7AI score0.22162EPSS
Exploits13References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 4:28 p.m.26 views

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS5.9AI score0.22162EPSS
Exploits13References2Affected Software1
OSV
OSV
added 2026/03/05 4:28 p.m.7 views

CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS5.8AI score0.22162EPSS
Exploits13References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.12 views

PT-2026-23481

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.3 Description Nginx UI is a web user interface for the Nginx web server. A critical flaw exists where the '/api/backup' endpoint is accessible without authentication. When this endpoint is accessed, the server...

10CVSS7.2AI score0.22162EPSS
Exploits15References211
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/05 12:0 a.m.12 views

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials, session...

9.8CVSS6AI score0.22162EPSS
Exploits13References7Affected Software1
CNVD
CNVD
added 2026/02/11 12:0 a.m.4 views

Unspecified Vulnerability in HCL AION (CNVD-2026-16402)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a missing or insecure HTTP Strict Transport Security header, which can be exploited by an attacker to cause a man-in-the-middle attack...

8.1CVSS5.8AI score0.00199EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.9 views

CVE-2025-52631

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security HSTS Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0...

8.1CVSS5.4AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/14 7:5 p.m.8 views

CVE-2025-13488

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting XSS vulnerability with user conte...

5.1CVSS5.6AI score0.00287EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/04 9:31 p.m.6 views

EUVD-2025-201259

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting XSS vulnerability with user conte...

5.1CVSS5.2AI score0.00287EPSS
Exploits0References3
NVD
NVD
added 2025/12/04 7:16 p.m.7 views

CVE-2025-13488

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting XSS vulnerability with user conte...

5.1CVSS0.00287EPSS
Exploits0References2
Rows per page
Query Builder