Two CVEs affecting NGINX Open Source and NGINX Plus are included under improper input validation (CWE-20) in the broader batch. No active exploitation evidence was present in source data. Given NGINX’s ubiquity as an internet-facing reverse proxy and load balancer, patch review should be accelerated for internet-exposed deployments; verify affected versions and available patches at nginx.org/en/security_advisories.html.