Nginx exposure
Reverse proxies, Web servers
Exposure score: 230
Sites using it: 2,234,039
Under exploitation: 0
Critical: 11
CVEs
132 results
CVE-2020-7621 | — | strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd | EPSS 2.9%
CVE-2024-3739 | MEDIUM | cym1102 nginxWebUI upload os command injection | EPSS 2.9%
CVE-2026-9256 | CRITICAL | NGINX ngx_http_rewrite_module vulnerability | EPSS 2.6%
CVE-2025-23419 | MEDIUM | TLS Session Resumption Vulnerability | EPSS 2.6%
CVE-2026-42530 | CRITICAL | NGINX Open-Source ngx_http_v3_module vulnerability | EPSS 2.4%
CVE-2023-5043 | HIGH | Ingress nginx annotation injection causes arbitrary command execution | EPSS 2.2%
CVE-2026-42055 | CRITICAL | NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability | EPSS 1.8%
CVE-2021-25742 | HIGH | Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces | EPSS 1.8%
CVE-2020-27730 | — | In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. | EPSS 1.7%
CVE-2021-21335 | MEDIUM | Basic Authentication can be bypassed using a malformed username | EPSS 1.7%
CVE-2022-4886 | HIGH | Ingress-nginx `path` sanitization can be bypassed with `log_format` directive | EPSS 1.6%
CVE-2024-22197 | HIGH | Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269) | EPSS 1.5%
CVE-2026-4342 | HIGH | ingress-nginx comment-based nginx configuration injection | EPSS 1.5%
CVE-2020-5901 | — | In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user i | EPSS 1.5%
CVE-2021-25746 | HIGH | Ingress-nginx directive injection via annotations | EPSS 1.3%
CVE-2020-5910 | — | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Control | EPSS 1.2%
CVE-2020-5863 | — | In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged u | EPSS 1.1%
CVE-2021-25745 | HIGH | Ingress-nginx path can be pointed to service account token file | EPSS 1.1%
CVE-2022-41742 | HIGH | NGINX ngx_http_mp4_module vulnerability CVE-2022-41742 | EPSS 1.1%
CVE-2024-24989 | HIGH | NGINX HTTP/3 QUIC vulnerability | EPSS 1.1%