111 matches found
Rack has a Possible Information Disclosure Vulnerability
Summary A possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially...
EUVD-2019-6503
Malware in sbrugna...
CVE-2025-59951
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...
EUVD-2022-52779
Malicious code in bioql PyPI...
EUVD-2025-25216
Malicious code in bioql PyPI...
EUVD-2022-32824
Malicious code in bioql PyPI...
EUVD-2023-27696
Malicious code in bioql PyPI...
CVE-2025-59951 Termix' official Docker image contains an authentication bypass vulnerability
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...
Versity panic induced by AWS chunked data sent to port
Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. Reproduction Setup versity server running on port 7071, no SSL for ease of packet tracing with tshark. Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070...
CVE-2025-48360
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Stored XSS.This issue affects Varnish/Nginx Proxy Caching: from n/a through = 1.8.3...
CVE-2025-48360 WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Stored XSS.This issue affects Varnish/Nginx Proxy Caching: from n/a through = 1.8.3...
CVE-2025-48360 WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Stored XSS. This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3...
CVE-2025-48360
CVE-2025-48360 affects the WordPress Varnish/Nginx Proxy Caching plugin (versions up to 1.8.3). The issue is an improper neutralization of input during web page generation, leading to stored XSS. Public sources in the connected data confirm this vulnerability, its association with the plugin, and...
WordPress plugin Varnish/Nginx Proxy Caching 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Linux Distros Unpatched Vulnerability : CVE-2011-4968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nginx http proxy module does not verify peer identity of https origin server which could facilitate man- in-the-middle attack MITM CVE-2011-4968 Note that Nessu...
CVE-2025-50579
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...
CVE-2025-50579
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...
CVE-2025-50579
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...
CVE-2025-50579
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...
Nginx Proxy Manager 安全漏洞
Nginx Proxy Manager is a Docker container for Nginx Proxy Manager open source. It is used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager version v2.12.3, which stems from an improperly configured CORS and could lead to a...