Exposure of Nginx

Reverse proxies, Web servers
Exposure score: 230
Sites using Nginx: 2,234,039
Exploited: 0
Critical: 11

CVEs

132 results
CVE-2026-24512 (HIGH): ingress-nginx auth-method nginx configuration injection (EPSS 0.5%)
CVE-2026-50107 (HIGH): NGINX Gateway Fabric vulnerability (EPSS 0.5%)
CVE-2026-1580 (HIGH): ingress-nginx auth-method nginx configuration injection (EPSS 0.5%)
CVE-2024-7634 (MEDIUM): NGINX Agent Vulnerability (EPSS 0.5%)
CVE-2025-15566 (HIGH): ingress-nginx auth-proxy-set-headers nginx configuration injection (EPSS 0.5%)
CVE-2026-24514 (MEDIUM): ingress-nginx Admission Controller denial of service (EPSS 0.5%)
CVE-2021-23050: On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3 (EPSS 0.5%)
CVE-2020-5900: In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controlle (EPSS 0.5%)
CVE-2020-5867: In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install package (EPSS 0.4%)
CVE-2020-5909: In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the a (EPSS 0.4%)
CVE-2026-48142 (MEDIUM): NGINX ngx_http_charset_module vulnerability (EPSS 0.4%)
CVE-2025-23776 (MEDIUM): WordPress Cache Sniper for Nginx plugin <= 1.0.4.2 - Broken Access Control vulnerability (EPSS 0.4%)
CVE-2026-33027 (MEDIUM): Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory (EPSS 0.4%)
CVE-2020-5865: In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, m (EPSS 0.4%)
CVE-2026-40460 (MEDIUM): NGINX ngx_quic_module vulnerability (EPSS 0.4%)
CVE-2025-14727 (HIGH): NGINX Ingress Controller vulnerability (EPSS 0.4%)
CVE-2025-53859 (MEDIUM): NGINX ngx_mail_smtp_module vulnerability (EPSS 0.4%)
CVE-2025-58474 (MEDIUM): BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability (EPSS 0.4%)
CVE-2026-42221 (HIGH): nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim (EPSS 0.3%)
CVE-2026-1642 (HIGH): NGINX vulnerability (EPSS 0.3%)
