CVE-2026-50892 - Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager

CVE-2026-40519 - Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticate

CVE-2026-9508 - Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.

CVE-2026-9256 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vu

CVE-2026-8711 - NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least o

CVE-2026-42946 - A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result

CVE-2026-42945 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vu

CVE-2026-42934 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When ch

CVE-2026-42926 - When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and

CVE-2026-40701 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl

CVE-2026-40460 - When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may b

CVE-2026-39806 - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauth

CVE-2026-44015 - Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated us

CVE-2026-8430 - SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that

CVE-2026-42238 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes

CVE-2026-42223 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings A

CVE-2026-42222 - Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated boot

CVE-2026-42221 - Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.

CVE-2026-42220 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated

CVE-2026-7381 - Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewri

CVE-2026-40575 - OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0

CVE-2026-34403 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket end

CVE-2026-33031 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was di

CVE-2026-40487 - Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypa

CVE-2026-34457 - OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior

CVE-2026-5501 - wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the

CVE-2026-31842 - Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensi

CVE-2026-34759 - OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multipl

CVE-2026-34830 - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Send

CVE-2026-33026 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui back

CVE-2026-33032 - Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui

CVE-2026-33030 - Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI con

CVE-2026-33029 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validati

CVE-2026-33028 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui appl

CVE-2026-33027 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui conf

CVE-2026-32647 - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might

CVE-2026-28755 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the

CVE-2026-28753 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the

CVE-2026-27784 - The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module

CVE-2026-27654 - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might a

CVE-2026-27651 - When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed

CVE-2026-4342 - A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be u

CVE-2026-3229 - An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused h