Exposure of Nginx
Reverse proxies, Web servers230
exposure score
2,234,039
sites use
0
exploited
11
critical
CVEs
132 resultsCVE-2026-42934MEDIUMNGINX ngx_http_charset_module vulnerabilityEPSS 0.7%CVE-2024-23827CRITICALNginx-UI arbitrary file write through the Import Certificate featureEPSS 0.7%CVE-2021-25748HIGHIngress-nginx `path` sanitization can be bypassed with newline characterEPSS 0.7%CVE-2025-6213HIGHNginx Cache Purge Preload <= 2.1.1 - Authenticated (Administrator+) Remote Code ExecutionEPSS 0.7%CVE-2026-40701MEDIUMNGINX ngx_http_ssl_module vulnerabilityEPSS 0.7%CVE-2025-62126MEDIUMWordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Sensitive Data Exposure vulnerabilityEPSS 0.7%CVE-2022-35241MEDIUMNGINX Instance Manager vulnerability CVE-2022-35241EPSS 0.6%CVE-2024-49367MEDIUMNginx UI's log path can be controlledEPSS 0.6%CVE-2024-39792HIGHNGINX Plus MQTT vulnerabilityEPSS 0.6%CVE-2026-11311HIGHNGINX Gateway Fabric vulnerabilityEPSS 0.6%CVE-2022-30535MEDIUMNGINX Ingress Controller vulnerability CVE-2022-30535EPSS 0.6%CVE-2024-22196HIGHAuthenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)EPSS 0.6%CVE-2024-49366HIGHNginx UI's json field can construct a directory traversal payload, causing arbitrary files to be writtenEPSS 0.6%CVE-2025-1695MEDIUMNGINX Unit Java VulnerabilityEPSS 0.5%CVE-2022-23008—On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisEPSS 0.5%CVE-2021-23018—Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocEPSS 0.5%CVE-2026-33028HIGHNginx UI: Race Condition Leads to Persistent Data Corruption and Service CollapseEPSS 0.5%CVE-2026-27651HIGHNGINX ngx_mail_auth_http_module vulnerabilityEPSS 0.5%CVE-2023-28656HIGHNGINX Management Suite vulnerabilityEPSS 0.5%CVE-2024-3738HIGHcym1102 nginxWebUI saveCmd handlePath certificate validationEPSS 0.5%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →