Exposure of Nginx

Reverse proxies, Web servers

230

exposure score

2,234,039

sites use

0

exploited

11

critical

CVEs

132 results

CVE-2021-23020—The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictaEPSS 0.3%CVE-2021-23019—The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included iEPSS 0.2%CVE-2021-23021—The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission biEPSS 0.2%CVE-2025-55740MEDIUMDefault Credentials in nginx-defender Configuration FilesEPSS 0.2%CVE-2023-1550MEDIUMNGINX Agent vulnerability CVE-2023-1550EPSS 0.2%CVE-2022-41743HIGHNGINX ngx_http_hls_module vulnerability CVE-2022-41743EPSS 0.2%CVE-2025-48360MEDIUMWordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2020-5899—In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text,EPSS 0.2%CVE-2025-12014MEDIUMNGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion UpdateEPSS 0.2%CVE-2026-34403MEDIUMNginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpointsEPSS 0.2%CVE-2023-28724HIGHNGINX Management Suite vulnerabilityEPSS 0.2%CVE-2026-28755MEDIUMNGINX ngx_stream_ssl_module vulnerabilityEPSS 0.1%

← previouspage 7 / 7next →

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →