threat
engine
.sh
Back
·
··:··
Home
/
Product
/
f5 nginx plus
Product
f5 nginx plus
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-32647
all versions
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger
7.8
HIGH
CVE-2026-28755
all versions
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked
5.4
MEDIUM
CVE-2026-28753
all versions
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequ
3.7
LOW
CVE-2026-27654
all versions
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a
8.2
HIGH
CVE-2026-27651
>= r33 and < r35
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker pr
7.5
HIGH
CVE-2026-1642
>= r33 and < r35
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An
5.9
MEDIUM
CVE-2025-53859
all versions
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to
3.7
LOW
CVE-2025-23419
>= r28 and < r32
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass
4.3
MEDIUM
CVE-2024-7347
>= r27 and < r31
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX
4.7
MEDIUM
CVE-2024-39792
all versions
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource u
7.5
HIGH
CVE-2024-35200
all versions
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker proc
5.3
MEDIUM
CVE-2024-34161
all versions
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transm
5.3
MEDIUM
CVE-2024-32760
all versions
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX
6.5
MEDIUM
CVE-2024-31079
all versions
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker proc
4.8
MEDIUM
CVE-2024-24990
all versions
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes t
7.5
HIGH
CVE-2024-24989
all versions
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes t
7.5
HIGH
CVE-2023-44487
>= r25 and < r29
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5
HIGH
CVE-2022-41743
>= r22 and <= r27
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attac
7.0
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin