VYPR

NGINX Plus

by Nginx

CVEs (13)

  • CVE-2024-39792HigAug 14, 2024
    risk 0.49cvss 7.5epss 0.01

    When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2024-24990HigFeb 14, 2024
    risk 0.49cvss 7.5epss 0.01

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC…

  • CVE-2024-24989HigFeb 14, 2024
    risk 0.49cvss 7.5epss 0.01

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC…

  • CVE-2022-41743HigOct 19, 2022
    risk 0.46cvss 7.0epss 0.00

    NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects…

  • CVE-2022-41742HigOct 19, 2022
    risk 0.46cvss 7.1epss 0.01

    NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker…

  • CVE-2022-41741HigOct 19, 2022
    risk 0.46cvss 7.0epss 0.01

    NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker…

  • CVE-2024-32760MedMay 29, 2024
    risk 0.42cvss 6.5epss 0.01

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

  • CVE-2024-35200MedMay 29, 2024
    risk 0.35cvss 5.3epss 0.01

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

  • CVE-2024-34161MedMay 29, 2024
    risk 0.35cvss 5.3epss 0.01

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

  • CVE-2024-31079MedMay 29, 2024
    risk 0.31cvss 4.8epss 0.01

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining…

  • CVE-2025-53859LowAug 13, 2025
    risk 0.17cvss 3.7epss 0.00

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication…

  • CVE-2026-60005Jul 18, 2026
    risk 0.00cvss epss 0.01

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized…

  • CVE-2026-56434Jul 18, 2026
    risk 0.00cvss epss 0.00

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directives are configured. With this configuration, an unauthenticated attacker with…