Vendor
medium
advisory
Nginx-UI Unauthenticated Initial Admin Claim Vulnerability
2 rules 1 TTPAn unauthenticated network attacker can claim the initial administrator account on a fresh Nginx-UI instance during the first-run setup window by exploiting the publicly accessible /api/install endpoint.
Nginx-UI
initial-access
authentication-bypass
2r
1t
high
advisory
Nginx-UI SSRF Vulnerability via Cluster Node Proxy
2 rules 1 TTPNginx-UI version 2.3.4 and earlier is vulnerable to Server-Side Request Forgery (SSRF) allowing authenticated users to access internal services by manipulating cluster node configurations.
Nginx-UI
ssrf
web-application
2r
1t