| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints | 0xJacky | nginx-ui | - | - | 2026-04-20 20:16:48 | Deep Dive |
| CVE-2026-33031 | Nginx-UI: Disabled users retain full API access through previously issued bearer tokens | 0xJacky | nginx-ui | - | - | 2026-04-20 20:12:08 | Deep Dive |
| CVE-2026-33026 | nginx-ui Backup Restore Allows Tampering with Encrypted Backups | 0xJacky | nginx-ui | 中危 | - | 2026-03-30 19:26:28 | Deep Dive |
| CVE-2026-33027 | Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory | 0xJacky | nginx-ui | 中危 | - | 2026-03-30 17:59:31 | Deep Dive |
| CVE-2026-33028 | Nginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse | 0xJacky | nginx-ui | 中危 | - | 2026-03-30 17:59:19 | Deep Dive |
| CVE-2026-33029 | Nginx UI: DoS via Negative Integer Input in Logrotate Interval | 0xJacky | nginx-ui | 中危 | - | 2026-03-30 17:59:05 | Deep Dive |
| CVE-2026-33030 | Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys | 0xJacky | nginx-ui | High | 8.8 | 2026-03-30 17:58:54 | Deep Dive |
| CVE-2026-33032 | Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover | 0xJacky | nginx-ui | Critical | 9.8 | 2026-03-30 17:58:42 | Deep Dive |
| CVE-2026-28755 | NGINX ngx_stream_ssl_module vulnerability | F5 | NGINX Open Source | Medium | 5.4 | 2026-03-24 14:13:27 | Deep Dive |
| CVE-2026-27651 | NGINX ngx_mail_auth_http_module vulnerability | F5 | NGINX Open Source | High | 7.5 | 2026-03-24 14:13:27 | Deep Dive |
| CVE-2026-27654 | NGINX ngx_http_dav_module vulnerability | F5 | NGINX Open Source | High | 8.2 | 2026-03-24 14:13:27 | Deep Dive |
| CVE-2026-32647 | NGINX ngx_http_mp4_module vulnerability | F5 | NGINX Open Source | High | 7.8 | 2026-03-24 14:13:26 | Deep Dive |
| CVE-2026-28753 | NGINX ngx_mail_proxy_module vulnerability | F5 | NGINX Open Source | Low | 3.7 | 2026-03-24 14:13:26 | Deep Dive |
| CVE-2026-27784 | NGINX ngx_http_mp4_module vulnerability | F5 | NGINX Open Source | High | 7.8 | 2026-03-24 14:13:25 | Deep Dive |
| CVE-2026-4342 | ingress-nginx comment-based nginx configuration injection | Kubernetes | ingress-nginx | High | 8.8 | 2026-03-19 21:50:18 | Deep Dive |
| CVE-2026-3288 | ingress-nginx rewrite-target nginx configuration injection | Kubernetes | ingress-nginx | High | 8.8 | 2026-03-09 21:00:48 | Deep Dive |
| CVE-2026-27944 | Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure | 0xJacky | nginx-ui | Critical | 9.8 | 2026-03-05 16:28:14 | Deep Dive |
| CVE-2025-15566 | ingress-nginx auth-proxy-set-headers nginx configuration injection | Kubernetes | ingress-nginx | High | 8.8 | 2026-02-06 03:13:52 | Deep Dive |
| CVE-2026-1642 | NGINX vulnerability | F5 | NGINX Open Source | Medium | 5.9 | 2026-02-04 15:02:06 | Deep Dive |
| CVE-2026-24514 | ingress-nginx Admission Controller denial of service | Kubernetes | ingress-nginx | Medium | 6.5 | 2026-02-03 22:17:25 | Deep Dive |