0xjacky

Top products

The 15 most recently published vulnerabilities affecting 0xjacky.

• CVE-2026-44015Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services8.5May 12, 2026
• CVE-2026-42238Unauthenticated Remote Code Execution via Backup Restore in nginx-ui9.8May 4, 2026
• CVE-2026-42223nginx-ui: Settings API Exposes Protected Secrets6.5May 4, 2026
• CVE-2026-42222nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover8.1May 4, 2026
• CVE-2026-42221nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim8.1May 4, 2026
• CVE-2026-42220nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback6.5May 4, 2026
• CVE-2026-34403Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints8.1Apr 20, 2026
• CVE-2026-33031Nginx-UI: Disabled users retain full API access through previously issued bearer tokens8.1Apr 20, 2026
• CVE-2026-33026nginx-ui Backup Restore Allows Tampering with Encrypted Backups9.1Mar 30, 2026
• CVE-2026-33027Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory6.5Mar 30, 2026
• CVE-2026-33028Nginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse7.5Mar 30, 2026
• CVE-2026-33029Nginx UI: DoS via Negative Integer Input in Logrotate Interval6.5Mar 30, 2026
• CVE-2026-33030Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys8.8Mar 30, 2026
• CVE-2026-33032Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover9.8Mar 30, 2026
• CVE-2026-27944Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure9.8Mar 5, 2026