
0xJacky — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting 0xJacky. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by 0xJacky: nginx-ui
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34403 | Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints | nginx-ui | CWE-1385 | 8.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-33031 | Nginx-UI: Disabled users retain full API access through previously issued bearer tokens | nginx-ui | CWE-284 | 8.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-33026 | nginx-ui Backup Restore Allows Tampering with Encrypted Backups | nginx-ui | CWE-312 | 8.8 | - | 2026-03-30 |
| CVE-2026-33027 | Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory | nginx-ui | CWE-22 | 7.1 | - | 2026-03-30 |
| CVE-2026-33028 | Nginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse | nginx-ui | CWE-362 | 8.1 | - | 2026-03-30 |
| CVE-2026-33029 | Nginx UI: DoS via Negative Integer Input in Logrotate Interval | nginx-ui | CWE-20 | 6.5 | - | 2026-03-30 |
| CVE-2026-33030 | Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys | nginx-ui | CWE-78 | 8.8 | High | 2026-03-30 |
| CVE-2026-33032 | Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover | nginx-ui | CWE-306 | 9.8 | Critical | 2026-03-30 |
| CVE-2026-27944 | Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure | nginx-ui | CWE-311 | 9.8 | Critical | 2026-03-05 |
| CVE-2024-49368 | Unchecked logrotate settings lead to arbitrary command execution | nginx-ui | CWE-20 | 8.8 (AI) | High (AI) | 2024-10-21 |
| CVE-2024-49367 | Nginx UI's log path can be controlled | nginx-ui | CWE-862 | 7.5 (AI) | High (AI) | 2024-10-21 |
| CVE-2024-49366 | Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written | nginx-ui | CWE-22 | 9.8 (AI) | Critical (AI) | 2024-10-21 |
| CVE-2024-23828 | Nginx-UI authenticated RCE through injecting into the application config via CRLF | nginx-ui | CWE-74 | 8.8 | High | 2024-01-29 |
| CVE-2024-23827 | Nginx-UI arbitrary file write through the Import Certificate feature | nginx-ui | CWE-22 | 9.8 | Critical | 2024-01-29 |
| CVE-2024-22198 | Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268) | nginx-ui | CWE-77 | 7.1 | High | 2024-01-11 |
| CVE-2024-22196 | Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) | nginx-ui | CWE-89 | 7.0 | High | 2024-01-11 |
| CVE-2024-22197 | Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269) | nginx-ui | CWE-77 | 7.7 | High | 2024-01-11 |

This page lists every published CVE security advisory associated with 0xJacky. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.