130
CVEs
20
Critical
68
High
0
KEV
26
PoC
18
Unpatched C/H
77.7%
Patch Rate
1.9%
Avg EPSS
Severity Breakdown
CRITICAL
20
HIGH
68
MEDIUM
36
LOW
4
Monthly CVE Trend
Affected Products (30)
Docker
16
PHP
11
Kubernetes
11
Python
7
Nginx Ui
4
Java
4
Nginx Plus
4
Modsecurity
3
Nginx Open Source
3
Ubuntu
2
Tinyweb
2
OpenSSL
2
Nginx Gateway Fabric
1
Nginx Ingress Controller
1
Nginx Instance Manager
1
Nginx Proxy Manager
1
Nginx Unit
1
Node.js
1
Open Security Issue Management
1
PostgreSQL
1
Rack
1
Roxy Wi
1
Termix
1
TLS
1
Virtual Appliance Application
1
Virtual Appliance Host
1
Weblate
1
Business Hub
1
Wpvivid Backup Migration
1
Cpp Httplib
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-1098 | Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress annotations. Attackers can inject arbitrary NGINX configuration directives that lead to code execution in the ingress controller context, exposing cluster Secrets. This is a companion vulnerability to CVE-2025-1974 (IngressNightmare). | HIGH | 8.8 | 49.9% | 114 |
PoC
|
| CVE-2025-24514 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%. | HIGH | 8.8 | 23.0% | 87 |
PoC
|
| CVE-2025-1097 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%. | HIGH | 8.8 | 20.8% | 85 |
PoC
|
| CVE-2026-27944 | Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available. | CRITICAL | 9.8 | 1.0% | 70 |
PoC
|
| CVE-2026-33032 | Remote unauthenticated nginx service takeover in nginx-ui's MCP integration allows network attackers to create, modify, or delete nginx configuration files and trigger automatic reloads without authentication. The /mcp_message endpoint lacks authentication middleware while exposing the same MCP tool handlers as the protected /mcp endpoint, and the IP whitelist defaults to empty (allow-all). Attackers can inject malicious server blocks to intercept credentials, exfiltrate backend topology, or crash nginx with invalid configs. CVSS 9.8 (Critical) with network attack vector, no authentication required, and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though detailed proof-of-concept HTTP request provided in advisory. | CRITICAL | 9.8 | 0.1% | 69 |
PoC
No patch
|
| CVE-2024-13869 | The Migration, Backup, Staging - WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%. | HIGH | 7.2 | 10.7% | 67 |
PoC
|
| CVE-2025-34203 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.3 | 0.1% | 67 |
PoC
No patch
|
| CVE-2026-42945 | Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows remote attackers to crash worker processes and potentially execute code on systems without ASLR. The vulnerability requires specific rewrite directive configurations using PCRE captures with question marks in replacement strings, combined with attacker-crafted HTTP requests and conditions beyond the attacker's control. F5 has released patches addressing this critical flaw. EPSS data unavailable; no KEV listing or public exploit identified at time of analysis, though the specific configuration requirements and dependency on external conditions likely limit widespread exploitation despite the 9.2 CVSS score. | CRITICAL | 9.2 | 0.2% | 66 |
PoC
|
| CVE-2025-59951 | Docker default credentials in Termix server management. PoC and patch available. | CRITICAL | 9.1 | 0.1% | 66 |
PoC
|
| CVE-2024-33452 | An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available. | HIGH | 7.7 | 0.7% | 59 |
PoC
No patch
|
| CVE-2025-46728 | cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. | HIGH | 7.5 | 1.0% | 59 |
PoC
|
| CVE-2025-48866 | ModSecurity versions prior to 2.9.10 contain a denial of service vulnerability in the `sanitiseArg` and `sanitizeArg` actions that allows unauthenticated remote attackers to cause service disruption by submitting requests with an excessive number of arguments. This is a network-accessible DoS vulnerability with high impact on availability that affects widely-deployed WAF deployments across Apache, IIS, and Nginx platforms. | HIGH | 7.5 | 0.4% | 58 |
PoC
|
| CVE-2026-22265 | Authenticated command injection in Roxy-WI versions prior to 8.2.8.2 enables attackers to execute arbitrary system commands through improper sanitization of the grep parameter in log viewing functionality. Public exploit code exists for this vulnerability, affecting users managing HAProxy, Nginx, Apache, and Keepalived servers through the web interface. A patch is available in version 8.2.8.2 and later. | HIGH | 7.5 | 0.2% | 58 |
PoC
|
| CVE-2025-5961 | The Migration, Backup, Staging - WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: Uploaded files are only accessible on WordPress instances running on the NGINX web server as the existing .htaccess within the target file upload folder prevents access on Apache servers. | HIGH | 7.2 | 1.3% | 57 |
PoC
|
| CVE-2026-42220 | nginx-ui prior to version 2.3.8 exposes sensitive configuration values including node.secret via an authenticated GET /api/settings endpoint, allowing an authenticated user to retrieve the shared authentication secret and subsequently impersonate the init administrative user by sending requests with the stolen node.secret via the X-Node-Secret header or node_secret query parameter. This enables privilege escalation and full administrative access to the Nginx configuration interface without additional authentication. | MEDIUM | 6.5 | 0.0% | 53 |
PoC
|