Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-28101
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluat...
NA
CVE-2024-24827
Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an malicious user to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impac...
NA
CVE-2024-24562
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new rele...
NA
CVE-2024-26615
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 10...
NA
CVE-2024-24989
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC a...
NA
CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC a...
5.3
CVSSv3
CVE-2024-22200
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.
Vantage6 Vantage6-ui
8.8
CVSSv3
CVE-2024-23828
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024...
Nginxui Nginx Ui
Nginxui Nginx Ui 2.0.0
9.8
CVSSv3
CVE-2024-23827
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possib...
Nginxui Nginx Ui 2.0.0
Nginxui Nginx Ui 1.2.0
Nginxui Nginx Ui 1.2.1
Nginxui Nginx Ui 1.2.2
Nginxui Nginx Ui 1.3.0
Nginxui Nginx Ui 1.3.1
Nginxui Nginx Ui 1.3.2
Nginxui Nginx Ui 1.3.3
Nginxui Nginx Ui 1.4.0
Nginxui Nginx Ui 1.4.1
Nginxui Nginx Ui 1.4.2
Nginxui Nginx Ui 1.5.0
Nginxui Nginx Ui 1.5.1
Nginxui Nginx Ui 1.5.2
Nginxui Nginx Ui 1.6.0
Nginxui Nginx Ui 1.6.1
Nginxui Nginx Ui 1.6.2
Nginxui Nginx Ui 1.6.3
Nginxui Nginx Ui 1.6.5
Nginxui Nginx Ui 1.6.6
Nginxui Nginx Ui 1.6.7
Nginxui Nginx Ui 1.6.8
9.8
CVSSv3
CVE-2023-50919
An issue exists on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4....
Gl-inet Gl-ax1800 Firmware 4.3.7
Gl-inet Gl-ax1800 Firmware 4.4.6
Gl-inet Gl-axt1800 Firmware 4.3.7
Gl-inet Gl-axt1800 Firmware 4.4.6
Gl-inet Gl-mt3000 Firmware 4.3.7
Gl-inet Gl-mt3000 Firmware 4.4.6
Gl-inet Gl-mt2500 Firmware 4.3.7
Gl-inet Gl-mt2500 Firmware 4.4.6
Gl-inet Gl-mt6000 Firmware 4.3.7
Gl-inet Gl-mt6000 Firmware 4.4.6
Gl-inet Gl-mt1300 Firmware 4.3.7
Gl-inet Gl-mt1300 Firmware 4.4.6
Gl-inet Gl-mt300n-v2 Firmware 4.3.7
Gl-inet Gl-mt300n-v2 Firmware 4.4.6
Gl-inet Gl-ar750s Firmware 4.3.7
Gl-inet Gl-ar750s Firmware 4.4.6
Gl-inet Gl-ar750 Firmware 4.3.7
Gl-inet Gl-ar750 Firmware 4.4.6
Gl-inet Gl-ar300m Firmware 4.3.7
Gl-inet Gl-ar300m Firmware 4.4.6
Gl-inet Gl-b1300 Firmware 4.3.7
Gl-inet Gl-b1300 Firmware 4.4.6
1 Metasploit module
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »