Exposure of Nginx
Reverse proxies, Web servers230
exposure score
2,234,039
sites use
0
exploited
11
critical
CVEs
132 resultsCVE-2024-23828HIGHNginx-UI authenticated RCE through injecting into the application config via CRLFEPSS 1.1%CVE-2020-5864—In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by defEPSS 1.0%CVE-2020-5894—On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.EPSS 1.0%CVE-2020-5911—In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL EPSS 1.0%CVE-2026-33029MEDIUMNginx UI: DoS via Negative Integer Input in Logrotate IntervalEPSS 0.9%CVE-2026-42946HIGHNGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerabilityEPSS 0.9%CVE-2026-40519HIGHNginx Proxy Manager Authenticated RCE via setupCertbotPlugins()EPSS 0.9%CVE-2024-3736MEDIUMcym1102 nginxWebUI upload unrestricted uploadEPSS 0.9%CVE-2024-35200MEDIUMNGINX HTTP/3 QUIC vulnerabilityEPSS 0.9%CVE-2024-24990HIGHNGINX HTTP/3 QUIC vulnerabilityEPSS 0.9%CVE-2024-3737MEDIUMcym1102 nginxWebUI addOver findCountByQuery path traversalEPSS 0.9%CVE-2020-8553MEDIUMKubernetes ingress-nginx Compromise of auth via subset/superset namespace namesEPSS 0.9%CVE-2026-8711CRITICALNGINX JavaScript vulnerabilityEPSS 0.9%CVE-2024-31079MEDIUMNGINX HTTP/3 QUIC vulnerabilityEPSS 0.9%CVE-2024-34161MEDIUMNGINX HTTP/3 QUIC vulnerabilityEPSS 0.9%CVE-2024-32760MEDIUMNGINX HTTP/3 QUIC vulnerabilityEPSS 0.8%CVE-2024-3740MEDIUMcym1102 nginxWebUI reload exec deserializationEPSS 0.8%CVE-2026-42238CRITICALUnauthenticated Remote Code Execution via Backup Restore in nginx-uiEPSS 0.8%CVE-2022-41741HIGHNGINX ngx_http_mp4_module vulnerability CVE-2022-41741EPSS 0.8%CVE-2021-23055—On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller doesEPSS 0.7%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →