Filtered by vendor Nginxproxymanager
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50579 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2025-08-21 | 5.3 Medium |
| A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a remote attacker-controlled server, potentially leading to unauthorized actions within the application. | ||||
| CVE-2024-46256 | 2 Jc21, Nginxproxymanager | 2 Nginx Proxy Manager, Nginx Proxy Manager | 2025-06-03 | 9.8 Critical |
| A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | ||||
| CVE-2024-46257 | 2 Jc21, Nginxproxymanager | 2 Nginx Proxy Manager, Nginx Proxy Manager | 2025-06-03 | 6.3 Medium |
| A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5. | ||||
| CVE-2022-28379 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2024-11-21 | 6.8 Medium |
| jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. | ||||
Page 1 of 1.