Exposição de Nginx
Reverse proxies, Web servers230
score de exposição
2.234.039
sites usam
0
em exploração
11
críticos
CVEs
132 resultadosCVE-2024-23828HIGHNginx-UI authenticated RCE through injecting into the application config via CRLFEPSS 1.1%CVE-2020-5864—In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by defEPSS 1.0%CVE-2020-5894—On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.EPSS 1.0%CVE-2020-5911—In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL EPSS 1.0%CVE-2026-33029MEDIUMNginx UI: DoS via Negative Integer Input in Logrotate IntervalEPSS 0.9%CVE-2026-42946HIGHNGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerabilityEPSS 0.9%CVE-2026-40519HIGHNginx Proxy Manager Authenticated RCE via setupCertbotPlugins()EPSS 0.9%CVE-2024-3736MEDIUMcym1102 nginxWebUI upload unrestricted uploadEPSS 0.9%CVE-2024-35200MEDIUMNGINX HTTP/3 QUIC vulnerabilityEPSS 0.9%CVE-2024-24990HIGHNGINX HTTP/3 QUIC vulnerabilityEPSS 0.9%CVE-2024-3737MEDIUMcym1102 nginxWebUI addOver findCountByQuery path traversalEPSS 0.9%CVE-2020-8553MEDIUMKubernetes ingress-nginx Compromise of auth via subset/superset namespace namesEPSS 0.9%CVE-2026-8711CRITICALNGINX JavaScript vulnerabilityEPSS 0.9%CVE-2024-31079MEDIUMNGINX HTTP/3 QUIC vulnerabilityEPSS 0.9%CVE-2024-34161MEDIUMNGINX HTTP/3 QUIC vulnerabilityEPSS 0.9%CVE-2024-32760MEDIUMNGINX HTTP/3 QUIC vulnerabilityEPSS 0.8%CVE-2024-3740MEDIUMcym1102 nginxWebUI reload exec deserializationEPSS 0.8%CVE-2026-42238CRITICALUnauthenticated Remote Code Execution via Backup Restore in nginx-uiEPSS 0.8%CVE-2022-41741HIGHNGINX ngx_http_mp4_module vulnerability CVE-2022-41741EPSS 0.8%CVE-2021-23055—On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller doesEPSS 0.7%
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →