Exposure of Nginx
Reverse proxies, Web servers230
exposure score
2,234,039
sites use
0
exploited
11
critical
CVEs
132 resultsCVE-2026-42222HIGHnginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeoverEPSS 0.3%CVE-2026-42926MEDIUMNGINX ngx_http_proxy_v2_module vulnerabilityEPSS 0.3%CVE-2024-10318MEDIUMNGINX OpenID Connect VulnerabilityEPSS 0.3%CVE-2024-56236MEDIUMWordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2026-32647HIGHNGINX ngx_http_mp4_module vulnerabilityEPSS 0.3%CVE-2026-33026CRITICALnginx-ui Backup Restore Allows Tampering with Encrypted BackupsEPSS 0.3%CVE-2022-27495MEDIUMOn all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: SoftwareEPSS 0.3%CVE-2020-5866—In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses EPSS 0.3%CVE-2024-7347MEDIUMNGINX MP4 module vulnerabilityEPSS 0.3%CVE-2026-44015HIGHNginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal ServicesEPSS 0.3%CVE-2026-42220MEDIUMnginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollbackEPSS 0.3%CVE-2026-42223MEDIUMnginx-ui: Settings API Exposes Protected SecretsEPSS 0.3%CVE-2020-5895—On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or uEPSS 0.3%CVE-2026-32682HIGHNGINX Gateway Fabric vulnerabilityEPSS 0.3%CVE-2026-27784HIGHNGINX ngx_http_mp4_module vulnerabilityEPSS 0.3%CVE-2026-33030HIGHNginx UI: Unencrypted Storage of DNS API Tokens and ACME Private KeysEPSS 0.3%CVE-2026-24513LOWingress-nginx auth-url protection bypassEPSS 0.3%CVE-2026-33031HIGHNginx-UI: Disabled users retain full API access through previously issued bearer tokensEPSS 0.3%CVE-2026-28753MEDIUMNGINX ngx_mail_proxy_module vulnerabilityEPSS 0.3%CVE-2026-2145MEDIUMcym1102 nginxWebUI Web Management check cross site scriptingEPSS 0.3%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →