Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-1002104
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
Kubernetes Nginx Ingress Controller
3.5
CVSSv2
CVE-2022-28379
jc21.com Nginx Proxy Manager prior to 2.9.17 allows XSS during item deletion.
Nginxproxymanager Nginx Proxy Manager
7.5
CVSSv2
CVE-2020-7621
strong-nginx-controller up to and including 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function.
Ibm Strongloop Nginx Controller
4.9
CVSSv2
CVE-2019-15517
jc21 Nginx Proxy Manager prior to 2.0.13 allows %2e%2e%2f directory traversal.
Jc21 Nginx Proxy Manager
NA
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an malicious user to execute arbitrary code via a lua script to the configuration file.
Jc21 Nginx Proxy Manager 2.9.19
NA
CVE-2020-19692
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote malicious user to execute arbitrary code via the njs_module_read in the njs_module.c file.
Nginx Njs 2019-06-27
1 Github repository
5.5
CVSSv2
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data...
F5 Nginx Controller Api Management
7.5
CVSSv2
CVE-2013-2028
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 up to and including 1.4.0 allows remote malicious users to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an i...
F5 Nginx
Fedoraproject Fedora 19
4 EDB exploits
7 Github repositories
7.5
CVSSv2
CVE-2014-0133
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 prior to 1.4.7 and 1.5.x prior to 1.5.12 allows remote malicious users to execute arbitrary code via a crafted request.
F5 Nginx
Opensuse Opensuse 13.1
7.5
CVSSv2
CVE-2017-20005
NGINX prior to 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
F5 Nginx
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »