Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) prior to 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
Openresty Lua-nginx-module
436
VMScore
CVE-2019-15517
jc21 Nginx Proxy Manager prior to 2.0.13 allows %2e%2e%2f directory traversal.
Jc21 Nginx Proxy Manager
312
VMScore
CVE-2022-28379
jc21.com Nginx Proxy Manager prior to 2.9.17 allows XSS during item deletion.
Nginxproxymanager Nginx Proxy Manager
356
VMScore
CVE-2021-23055
On version 2.x prior to 2.0.3 and 1.x prior to 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Nginx Ingress Controller
668
VMScore
CVE-2014-0133
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 prior to 1.4.7 and 1.5.x prior to 1.5.12 allows remote malicious users to execute arbitrary code via a crafted request.
F5 Nginx
Opensuse Opensuse 13.1
NA
CVE-2020-19692
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote malicious user to execute arbitrary code via the njs_module_read in the njs_module.c file.
Nginx Njs 2019-06-27
1 Github repository
NA
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an malicious user to execute arbitrary code via a lua script to the configuration file.
Jc21 Nginx Proxy Manager 2.9.19
772
VMScore
CVE-2013-2028
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 up to and including 1.4.0 allows remote malicious users to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an i...
F5 Nginx
Fedoraproject Fedora 19
4 EDB exploits
7 Github repositories
490
VMScore
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data...
F5 Nginx Controller Api Management
668
VMScore
CVE-2017-20005
NGINX prior to 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
F5 Nginx
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »