Where
-Infinity
0

Trending

Last week
Last month
Last year

Nginx UI Nginx UINginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services

Risk 82
Severity
9.9
First published (updated )
CVE-2026-44015

nginx-ui Nginx UIUnauthenticated Remote Code Execution via Backup Restore in nginx-ui

Risk 86
Severity
9
First published (updated )
CVE-2026-42238

Nginx UI nginx-uinginx-ui: Settings API Exposes Protected Secrets

Risk 38
Severity
6.5
First published (updated )
CVE-2026-42223

nginx-ui nginx-uinginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

Risk 86
Severity
9.8
First published (updated )
CVE-2026-42222

Nginx UI nginx-uinginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim

Risk 86
Severity
9.8
First published (updated )
CVE-2026-42221
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

nginx-ui nginx-uinginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Risk 38
Severity
6.5
First published (updated )
CVE-2026-42220

Nginx UI Nginx UINginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints

Risk 59
Severity
5.5
First published (updated )
CVE-2026-34403

Nginx Nginx UINginx-UI: Disabled users retain full API access through previously issued bearer tokens

Risk 62
Severity
8.6
First published (updated )
CVE-2026-33031

go/github.com/0xJacky/Nginx-UINginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

Risk 90
Severity
9.8
First published (updated )
CVE-2026-33032

go/github.com/0xJacky/nginx-uiNginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

Risk 82
Severity
9.9
First published (updated )
CVE-2026-33030
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

go/github.com/0xJacky/Nginx-UINginx UI: DoS via Negative Integer Input in Logrotate Interval

Risk 36
Severity
6.9
First published (updated )
CVE-2026-33029

go/github.com/uozi-tech/cosyNginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse

Risk 70
Severity
7.1
First published (updated )
CVE-2026-33028

go/github.com/0xJacky/Nginx-UINginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory

Risk 36
Severity
6.9
First published (updated )
CVE-2026-33027

go/github.com/0xJacky/Nginx-UInginx-ui Backup Restore Allows Tampering with Encrypted Backups

Risk 75
Severity
9.4
First published (updated )
CVE-2026-33026

Nginx Nginx UINginx UI: Unauthenticated Backup Download with Encryption Key Disclosure

Risk 61
Severity
9.8
EPSS
0.05%
First published (updated )
CVE-2026-27944
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

NginxUI Nginx UIUnchecked logrotate settings lead to arbitrary command execution

Risk 69
Severity
8.9
EPSS
25.67%
First published (updated )
CVE-2024-49368

NginxUI Nginx UINginx UI's log path can be controlled

Risk 31
Severity
5.5
EPSS
0.04%
First published (updated )
CVE-2024-49367

NginxUI Nginx UINginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written

Risk 31
Severity
7.7
EPSS
0.14%
First published (updated )
CVE-2024-49366

NginxUI Nginx UINginx-UI authenticated RCE through injecting into the application config via CRLF

Risk 58
Severity
8.8
EPSS
0.05%
First published (updated )
CVE-2024-23828

NginxUI Nginx UINginx-UI arbitrary file write through the Import Certificate feature

Risk 62
Severity
9.8
EPSS
0.17%
First published (updated )
CVE-2024-23827
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

NginxUI Nginx UIAuthenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)

Risk 58
Severity
8.8
EPSS
0.42%
First published (updated )
CVE-2024-22198

NginxUI Nginx UIAuthenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)

Risk 58
Severity
8.8
EPSS
0.11%
First published (updated )
CVE-2024-22197

NginxUI Nginx UIAuthenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)

Risk 41
Severity
7
EPSS
0.05%
First published (updated )
CVE-2024-22196

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203