Jc21 Nginx Proxy Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Jc21 Nginx Proxy Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-27224 — CVSS 9.8 (critical): An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file.
CVE-2024-46256 — CVSS 9.8 (critical): A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt…
CVE-2024-39935 — CVSS 8.8 (high): jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with…
CVE-2023-23596 — CVSS 8.8 (high): jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with…
CVE-2024-46257 — CVSS 6.3 (medium): A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote…