CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23776 – WordPress Cache Sniper for Nginx plugin <= 1.0.4.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-23776
16 Jan 2025 — Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2. The Cache Sniper for Nginx plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an ... • https://patchstack.com/database/wordpress/plugin/snipe-nginx-cache/vulnerability/wordpress-cache-sniper-for-nginx-plugin-1-0-4-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56236 – WordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-56236
30 Dec 2024 — Missing Authorization vulnerability in Jakob Bouchard Hestia Nginx Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through 2.4.0. The Hestia Nginx Cache plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the purge() function in versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to purge cache. • https://patchstack.com/database/wordpress/plugin/hestia-nginx-cache/vulnerability/wordpress-hestia-nginx-cache-plugin-2-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19692
https://notcve.org/view.php?id=CVE-2020-19692
04 Apr 2023 — Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. • https://github.com/nginx/njs/issues/187 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19695
https://notcve.org/view.php?id=CVE-2020-19695
04 Apr 2023 — Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. • https://github.com/nginx/njs/issues/188 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35173
https://notcve.org/view.php?id=CVE-2022-35173
18 Aug 2022 — An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. Se ha detectado un problema en Nginx NJS versión v0.7.5. El desplazamiento de JUMP para una instrucción de ruptura no era establecido en un desplazamiento correcto durante la generación de código, conllevando a una violación de segmentación. • http://hg.nginx.org/njs/rev/b7c4e0f714a9 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30503
https://notcve.org/view.php?id=CVE-2022-30503
27 May 2022 — Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. Se ha detectado que Nginx NJS versión v0.7.2, contiene una violación de segmentación en la función njs_set_number en el archivo src/njs_value.h • https://github.com/nginx/njs/commit/5c6130a2a0b4c41ab415f6b8992aa323636338b9 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29780
https://notcve.org/view.php?id=CVE-2022-29780
27 May 2022 — Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. Se ha detectado que Nginx NJS versión v0.7.2, contiene una violación de segmentación en la función njs_array_prototype_sort en el archivo src/njs_array.c • https://github.com/nginx/njs/commit/8b39afdad9a0761e0a5d4af1a762bd9a6daef572 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29779
https://notcve.org/view.php?id=CVE-2022-29779
27 May 2022 — Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Se ha detectado que Nginx NJS versión v0.7.2, contiene una violación de segmentación en la función njs_value_own_enumerate en el archivo src/njs_value.c • https://github.com/nginx/njs/commit/2e00e95473861846aa8538be87db07699d9f676d •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46461
https://notcve.org/view.php?id=CVE-2021-46461
14 Feb 2022 — njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. Se ha detectado que njs versiones hasta 0.7.0, usada en NGINX, contiene un acceso a matrices fuera de límites por medio de la función njs_vmcode_typeof en el archivo /src/njs_vmcode.c • https://github.com/nginx/njs/commit/d457c9545e7e71ebb5c0479eb16b9d33175855e2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2019-7401
https://notcve.org/view.php?id=CVE-2019-7401
08 Feb 2019 — NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact. NGINX Unit, en versiones anteriores a la 1.7.1, podría permitir que un atacante provoque un desbordamiento de búfer basado en memoria dinámica (heap) en el proceso del router con una petición especialmente manipulada. Esto podría resultar en una denegación de servi... • http://hg.nginx.org/unit/file/tip/CHANGES • CWE-787: Out-of-bounds Write •