Lucene search
K
Jc21Nginx Proxy Manager

7 matches found

CVE
CVE
added 2024/09/27 12:0 a.m.99 views

CVE-2024-46257

CVE-2024-46257 describes a command-injection vulnerability in NginxProxyManager 2.11.3, specifically in the requestLetsEncryptSslWithDnsChallenge path, enabling remote code execution when adding a Let’s Encrypt certificate. Multiple connected sources corroborate that the flaw allows RCE and perta...

6.3CVSS8.1AI score0.03084EPSS
CVE
CVE
added 2024/07/04 12:0 a.m.96 views

CVE-2024-39935

CVE-2024-39935 affects jc21 NGINX Proxy Manager before 2.11.3. The vulnerability enables an authenticated user with certificate-management privileges to execute OS commands via untrusted input to the DNS provider configuration in the backend/internal/certificate.js, with potential for full impact...

8.8CVSS7.4AI score0.00882EPSS
CVE
CVE
added 2024/09/27 12:0 a.m.96 views

CVE-2024-46256

CVE-2024-46256 affects NginxProxyManager 2.11.3 and is due to a command injection in the requestLetsEncryptSsl routine that enables remote code execution when adding a Let’s Encrypt certificate. The Red Hat/OSV/NVD entries corroborate the same vulnerability description (CVE-2024-46256) and identi...

9.8CVSS7.1AI score0.03084EPSS
CVE
CVE
added 2023/03/22 12:0 a.m.91 views

CVE-2023-27224

CVE-2023-27224 affects NginxProxyManager v2.9.19. A vulnerability allows remote attackers to execute arbitrary code by injecting a Lua script into the configuration file, due to insufficient input/data sanitization at the management level. This is described across multiple sources, and the impact...

9.8CVSS9.5AI score0.01218EPSS
CVE
CVE
added 2019/08/23 2:53 p.m.87 views

CVE-2019-15517

jc21 Nginx Proxy Manager

5.5CVSS5.5AI score0.00725EPSS
CVE
CVE
added 2023/01/20 12:0 a.m.82 views

CVE-2023-23596

CVE-2023-23596 affects jc21 NGINX Proxy Manager up to version 2.9.19. The issue arises when creating an access list: the backend builds an htpasswd file using crafted username/password inputs that are concatenated without validation and directly passed to an exec command, enabling potential OS co...

8.8CVSS9.3AI score0.15198EPSS
CVE
CVE
added 2025/08/19 12:0 a.m.26 views

CVE-2025-50579

CVE-2025-50579 affects Nginx Proxy Manager v2.12.3, where a CORS misconfiguration allows unauthorized domains to access sensitive data (JWT tokens) due to improper Origin header validation. Attack possible via a simple browser script to exfiltrate tokens to a remote server, potentially enabling u...

5.3CVSS7AI score0.00356EPSS