Lucene search
K

6467 matches found

Nuclei
Nuclei
added 11 hours ago84 views

Xiaomi Mi WiFi R3G Routers - Local file Inclusion

Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. id: CVE-2019-18371...

7.5CVSS7AI score0.55872EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago39 views

Nginx UI < 2.3.3 - Information Disclosure

Nginx UI 2.3.3 contains an information disclosure vulnerability caused by unauthenticated access to /api/backup endpoint exposing encryption keys in X-Backup-Security header, letting unauthenticated attackers download and decrypt full system backups. id: CVE-2026-27944 info: name: Nginx UI 2.3.3 ...

9.8CVSS6.9AI score0.22162EPSS
Exploits13References3
Nuclei
Nuclei
added 11 hours ago21 views

Nginx UI - Broken Access Control

Network attackers can fully control nginx service, including config modification and service restart, leading to complete service takeover. id: CVE-2026-33032 info: name: Nginx UI - Broken Access Control author: DhiyaneshDk severity: critical description: | Network attackers can fully control ngi...

9.8CVSS7.1AI score0.38477EPSS
Exploits4References3
Nuclei
Nuclei
added 11 hours ago42 views

WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure

Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...

5.3CVSS6.1AI score0.00659EPSS
Exploits0References3
Nuclei
Nuclei
added 11 hours ago82 views

Discourse Backup File Disclosure Via Default Nginx Configuration

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

7.5CVSS7AI score0.25431EPSS
Exploits0References2
Rockylinux
Rockylinux
added yesterday5 views

nginx:1.24 security, bug fix, and enhancement update

An update is available for nginx, module.nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

9.2CVSS7.4AI score0.03459EPSS
Exploits1
RedHat Linux
RedHat Linux
added yesterday6 views

Important: Red Hat Security Advisory: nginx:1.24 security, bug fix, and enhancement update

An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.2CVSS7.4AI score0.03459EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added yesterday5 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS7.2AI score0.03459EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday29 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS6.9AI score0.31809EPSS
Exploits8References3
Nuclei
Nuclei
added yesterday44 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8CVSS6.9AI score0.34677EPSS
Exploits7References3
Nuclei
Nuclei
added yesterday45 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

8.8CVSS6.9AI score0.83066EPSS
Exploits7References3
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

MiracleLinux 9 : nginx-1.20.1-28.el9_8.2.ML.1 (AXSA:2026-1233:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-1233:04 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...

9.2CVSS7.2AI score0.61469EPSS
Exploits40References2
Chainguard
Chainguard
added 5 days ago7 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: apko, consul, rekor-fips, gatekeeper-fips, knative-operator-fips, mattermost-fips, buildkite-agent-fips, prometheus-operator, buildkitd-fips, vault-secrets-operator, buildah-fips, frankenphp-8.2, pinact, traefik-fips, docker-cli-fips, kubernetes-dashboard,...

6.1AI score
Exploits0
OSV
OSV
added 5 days ago3 views

RHSA-2026:36639 Red Hat Security Advisory: nginx:1.26 security, bug fix, and enhancement update

Bulletin has no description...

8.1CVSS7AI score0.03459EPSS
Exploits1References8
OSV
OSV
added 5 days ago2 views

RHSA-2026:36618 Red Hat Security Advisory: nginx:1.24 security, bug fix, and enhancement update

Bulletin has no description...

8.1CVSS7.1AI score0.03459EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

RockyLinux 9 : nginx:1.26 (RLSA-2026:36639)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:36639 advisory. nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes and Enhancements:...

9.2CVSS7.5AI score0.03459EPSS
Exploits1References3
Rockylinux
Rockylinux
added 6 days ago6 views

nginx:1.26 security, bug fix, and enhancement update

An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

9.2CVSS7.9AI score0.03459EPSS
Exploits1
Rockylinux
Rockylinux
added 6 days ago5 views

nginx security, bug fix, and enhancement update

An update is available for nginx. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other protocols, with a...

9.2CVSS6.8AI score0.03459EPSS
Exploits1
Rockylinux
Rockylinux
added 6 days ago5 views

nginx:1.24 security, bug fix, and enhancement update

An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

9.2CVSS6.8AI score0.03459EPSS
Exploits1
RedHat Linux
RedHat Linux
added 6 days ago9 views

Important: Red Hat Security Advisory: nginx:1.26 security, bug fix, and enhancement update

An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.2CVSS7.9AI score0.03459EPSS
Exploits1References2
Rows per page
Query Builder