Lucene search
K

111 matches found

RubySec
RubySec
added 2025/10/10 12:0 a.m.8 views

Rack has a Possible Information Disclosure Vulnerability

Summary A possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially...

5.8CVSS6.1AI score0.00434EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-6503

Malware in sbrugna...

5.5CVSS5.5AI score0.00725EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/06 6:14 a.m.5 views

CVE-2025-59951

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...

9.2CVSS6.6AI score0.0465EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-52779

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00657EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.29 views

EUVD-2025-25216

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00356EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2022-32824

Malicious code in bioql PyPI...

6.8CVSS5.2AI score0.71209EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.22 views

EUVD-2023-27696

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.15198EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/10/01 9:52 p.m.8 views

CVE-2025-59951 Termix' official Docker image contains an authentication bypass vulnerability

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...

9.2CVSS0.0465EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/08/29 4:24 p.m.6 views

Versity panic induced by AWS chunked data sent to port

Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. Reproduction Setup versity server running on port 7071, no SSL for ease of packet tracing with tshark. Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070...

7.1AI score
Exploits0References4Affected Software1
NVD
NVD
added 2025/08/28 1:15 p.m.5 views

CVE-2025-48360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Stored XSS.This issue affects Varnish/Nginx Proxy Caching: from n/a through = 1.8.3...

5.9CVSS0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/28 12:37 p.m.11 views

CVE-2025-48360 WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Stored XSS.This issue affects Varnish/Nginx Proxy Caching: from n/a through = 1.8.3...

5.9CVSS0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/28 12:37 p.m.1 views

CVE-2025-48360 WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Stored XSS. This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3...

5.9CVSS6.9AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2025/08/28 12:37 p.m.12 views

CVE-2025-48360

CVE-2025-48360 affects the WordPress Varnish/Nginx Proxy Caching plugin (versions up to 1.8.3). The issue is an improper neutralization of input during web page generation, leading to stored XSS. Public sources in the connected data confirm this vulnerability, its association with the plugin, and...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.4 views

WordPress plugin Varnish/Nginx Proxy Caching 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS5.8AI score0.0021EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2011-4968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nginx http proxy module does not verify peer identity of https origin server which could facilitate man- in-the-middle attack MITM CVE-2011-4968 Note that Nessu...

5.8CVSS5.3AI score0.03989EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/21 12:26 a.m.20 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

5.3CVSS7.1AI score0.00356EPSS
Exploits0References1
NVD
NVD
added 2025/08/19 3:15 p.m.59 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

5.3CVSS0.00356EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/19 12:0 a.m.54 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

0.00356EPSS
Exploits0References2
OSV
OSV
added 2025/08/19 12:0 a.m.3 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

5.3CVSS6.8AI score0.00356EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.12 views

Nginx Proxy Manager 安全漏洞

Nginx Proxy Manager is a Docker container for Nginx Proxy Manager open source. It is used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager version v2.12.3, which stems from an improperly configured CORS and could lead to a...

5.3CVSS6.7AI score0.00356EPSS
Exploits0References3
Rows per page
Query Builder