Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0460

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00699EPSS
Exploits0References6
NVD
NVD
added 2024/01/29 5:15 p.m.31 views

CVE-2024-23828

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...

8.8CVSS7.9AI score0.01054EPSS
Exploits0References1
Prion
Prion
added 2024/01/29 5:15 p.m.19 views

Design/Logic Flaw

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...

6.5CVSS8.7AI score0.04088EPSS
Exploits3References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/29 4:49 p.m.18 views

CVE-2024-23828 Nginx-UI authenticated RCE through injecting into the application config via CRLF

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...

8.8CVSS7AI score0.01054EPSS
Exploits0References1
NVD
NVD
added 2024/01/29 4:15 p.m.15 views

CVE-2024-23827

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

9.8CVSS9.8AI score0.00699EPSS
Exploits0References1
Prion
Prion
added 2024/01/29 4:15 p.m.24 views

Remote code execution

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

7.5CVSS8.1AI score0.00699EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/29 4:7 p.m.13 views

CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

9.8CVSS7.7AI score0.00699EPSS
Exploits0References1
OSV
OSV
added 2024/01/29 4:7 p.m.36 views

CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

9.8CVSS9.5AI score0.00699EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/29 12:0 a.m.26 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

9.8CVSS8.1AI score0.00699EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/29 12:0 a.m.46 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...

8.8CVSS7.3AI score0.01054EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder