Vulnerabilities in 0xJacky

23 results
| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-33032 | CRITICAL | Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover | 38.5% |
| CVE-2024-49368 | HIGH | Unchecked logrotate settings lead to arbitrary command execution | 23.5% |
| CVE-2026-27944 | CRITICAL | Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure | 22.2% |
| CVE-2024-22198 | HIGH | Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268) | 4.1% |
| CVE-2024-22197 | HIGH | Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269) | 1.5% |
| CVE-2024-23828 | HIGH | Nginx-UI authenticated RCE through injecting into the application config via CRLF | 1.1% |
| CVE-2026-33029 | MEDIUM | Nginx UI: DoS via Negative Integer Input in Logrotate Interval | 0.9% |
| CVE-2026-42238 | CRITICAL | Unauthenticated Remote Code Execution via Backup Restore in nginx-ui | 0.8% |
| CVE-2024-23827 | CRITICAL | Nginx-UI arbitrary file write through the Import Certificate feature | 0.7% |
| CVE-2024-49367 | MEDIUM | Nginx UI's log path can be controlled | 0.6% |
| CVE-2024-22196 | HIGH | Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) | 0.6% |
| CVE-2024-49366 | HIGH | Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written | 0.6% |
| CVE-2026-33028 | HIGH | Nginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse | 0.5% |
| CVE-2026-33027 | MEDIUM | Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory | 0.4% |
| CVE-2026-42221 | HIGH | nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim | 0.3% |
| CVE-2026-42222 | HIGH | nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover | 0.3% |
| CVE-2026-33026 | CRITICAL | nginx-ui Backup Restore Allows Tampering with Encrypted Backups | 0.3% |
| CVE-2026-44015 | HIGH | Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services | 0.3% |
| CVE-2026-42220 | MEDIUM | nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback | 0.3% |
| CVE-2026-42223 | MEDIUM | nginx-ui: Settings API Exposes Protected Secrets | 0.3% |