Exposure of Nginx
Reverse proxies, Web servers230
exposure score
2,234,039
sites use
0
exploited
11
critical
CVEs
132 resultsCVE-2025-1974CRITICALingress-nginx admission controller RCE escalationEPSS 99.3%CVE-2025-1098HIGHingress-nginx controller - configuration injection via unsanitized mirror annotationsEPSS 84.3%CVE-2017-7529—Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resultinEPSS 62.6%CVE-2023-5044HIGHCode injection via nginx.ingress.kubernetes.io/permanent-redirect annotationEPSS 56.6%CVE-2026-42945CRITICALNGINX ngx_http_rewrite_module vulnerabilityEPSS 53.3%CVE-2021-23017—A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cauEPSS 52.8%CVE-2018-16843MEDIUMnginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption.EPSS 47.1%CVE-2026-33032CRITICALNginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx TakeoverEPSS 38.5%CVE-2025-1097HIGHingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotationEPSS 34.3%CVE-2025-24514HIGHingress-nginx controller - configuration injection via unsanitized auth-url annotationEPSS 31.4%CVE-2024-7646HIGHA security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `exEPSS 26.0%CVE-2024-49368HIGHUnchecked logrotate settings lead to arbitrary command executionEPSS 23.5%CVE-2026-27944CRITICALNginx UI: Unauthenticated Backup Download with Encryption Key DisclosureEPSS 22.2%CVE-2018-16844MEDIUMnginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issEPSS 12.4%CVE-2018-16845HIGHnginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop inEPSS 9.8%CVE-2026-27654HIGHNGINX ngx_http_dav_module vulnerabilityEPSS 7.9%CVE-2026-3288HIGHingress-nginx rewrite-target nginx configuration injectionEPSS 6.7%CVE-2024-22198HIGHAuthenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)EPSS 4.1%CVE-2011-4968—nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)EPSS 4.0%CVE-2025-24513MEDIUMingress-nginx controller - auth secret file path traversal vulnerabilityEPSS 3.5%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →