Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
|  | 1 | 6 | 0 | 61.1% | CRITICAL |

Related CVEs

6
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2025-50579 | A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a remote attacker-controlled server, potentially leading to unauthorized actions within the application. | MEDIUM | 5.3 |  | 27.6% | Aug 19, 2025 |
| CVE-2024-46257 | A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5. | MEDIUM | 6.3 |  | 66.4% | Sep 27, 2024 |
| CVE-2024-46256 | A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | CRITICAL | 9.8 |  | 85.7% | Sep 27, 2024 |
| CVE-2023-27224 | An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file. | CRITICAL | 9.8 |  | 64.9% | Mar 22, 2023 |
| CVE-2023-23596 | jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authenticated attacker to execute arbitrary commands on the system. NOTE: this is not part of any NGINX software shipped by F5. | HIGH | 8.8 |  |  | Jan 20, 2023 |
| CVE-2019-15517 | jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. | NONE |  |  |  | Aug 23, 2019 |