threat
engine
.sh
Back
·
··:··
Home
/
Product
/
f5 nginx open source
Product
f5 nginx open source
15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-32647
>= 1.1.19 and < 1.28.3
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger
7.8
HIGH
CVE-2026-28755
>= 0.5.13 and <= 0.9.7
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked
5.4
MEDIUM
CVE-2026-28753
>= 0.6.27 and <= 0.9.7
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequ
3.7
LOW
CVE-2026-27784
>= 1.1.19 and < 1.28.3
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacke
7.8
HIGH
CVE-2026-27654
>= 0.5.13 and <= 0.9.7
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a
8.2
HIGH
CVE-2026-27651
>= 0.5.15 and <= 0.9.7
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker pr
7.5
HIGH
CVE-2026-1642
>= 1.3.0 and < 1.28.2
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An
5.9
MEDIUM
CVE-2025-53859
>= 0.7.22 and < 1.29.1
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to
3.7
LOW
CVE-2024-7347
>= 1.5.13 and < 1.26.2
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX
4.7
MEDIUM
CVE-2024-35200
>= 1.25.0 and < 1.26.1
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker proc
5.3
MEDIUM
CVE-2024-34161
>= 1.25.0 and < 1.26.1
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transm
5.3
MEDIUM
CVE-2024-32760
>= 1.25.0 and < 1.26.1
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX
6.5
MEDIUM
CVE-2024-31079
>= 1.25.0 and < 1.26.1
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker proc
4.8
MEDIUM
CVE-2024-24990
>= 1.25.0 and < 1.25.4
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes t
7.5
HIGH
CVE-2024-24989
all versions
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes t
7.5
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin