VYPR

NGINX Open Source

by Nginx

CVEs (5)

  • CVE-2022-41742HigOct 19, 2022
    risk 0.46cvss 7.1epss 0.01

    NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker…

  • CVE-2022-41741HigOct 19, 2022
    risk 0.46cvss 7.0epss 0.01

    NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker…

  • CVE-2025-53859LowAug 13, 2025
    risk 0.17cvss 3.7epss 0.00

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication…

  • CVE-2026-60005Jul 18, 2026
    risk 0.00cvss epss 0.01

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized…

  • CVE-2026-56434Jul 18, 2026
    risk 0.00cvss epss 0.00

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directives are configured. With this configuration, an unauthenticated attacker with…