Nginx 漏洞列表
共找到 10 个与 Nginx 相关的漏洞
📅 加载漏洞趋势中...
-
nginxWebUI cmdOver 远程命令执行漏洞 无POC
nginxWebUI cmdOver 接口存在远程命令执行漏洞,攻击者通过漏洞可以获取到服务器权限,执行任意命令 -
nginx-merge-slashes-path-traversal: Nginx Merge Slashes Path Traversal POC
A vulnerability in the remote Nginx server could cause the server to merge slashslash together causing what should have protected the web site from a directory traversal vulnerability into a vulnerable server. -
nginxwebui-admin-bypass: NginxWebUI admin认证绕过(全版本通杀) POC
Admin类型注入autoKey绕过认证、绕过密码和Google认证获取管理员权限 FOFA: app="nginxWebUI" -
nginxwebui-rce: Nginx Web UI RCE POC
FOFA: app="nginxWebUI" -
phpstudy-nginx-wrong-resolve: Phpstudy Nginx Wrong Resolve POC
Phpstudy Nginx Wrong Resolve -
CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution POC
A security issue was discovered in ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller -
CVE-2025-1097: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation POC
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) -
CVE-2025-1098: Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations POC
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) -
CVE-2025-1974: Ingress-Nginx Controller - Remote Code Execution POC
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) -
CVE-2025-24514: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation POC
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)