VYPR
← All vendors
Vendor

NginxProxyManager

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2026-40519HigJun 8, 2026
    NginxProxyManager
    Nginx Proxy Manager
    risk 0.42cvss 7.5epss

    Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() function in backend/setup.js, allowing attackers with certificates:manage permission to…

  • CVE-2024-46256Sep 27, 2024
    NginxProxyManager
    NginxProxyManager
    risk 0.05cvss epss 0.60

    A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.

  • CVE-2024-46257Sep 27, 2024
    NginxProxyManager
    NginxProxyManager
    risk 0.00cvss epss 0.03

    A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5.

  • CVE-2023-27224Mar 22, 2023
    NginxProxyManager
    NginxProxyManager
    risk 0.00cvss epss 0.01

    An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file.