Lucene search
K

22698 matches found

RedHat Linux
RedHat Linux
added 10 hours ago7 views

Important: Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6AI score0.02445EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 10 hours ago6 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS5.9AI score0.00437EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 10 hours ago6 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS7AI score0.00431EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 10 hours ago4 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago17 views

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

9.1CVSS7AI score0.01713EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago6 views

LobeHub LobeChat <= 2.1.56 - Server-Side Request Forgery

LobeHub LobeChat versions up to and including 2.1.56 are vulnerable to an unauthenticated server-side request forgery vulnerability in the /webapi/proxy endpoint. The endpoint accepts a URL in the POST request body and fetches it server-side without authentication. id: CVE-2026-54157 info: name:...

9CVSS5.9AI score0.0178EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago89 views

VMware VRealize Network Insight - Remote Code Execution

VMWare Aria Operations for Networks vRealize Network Insight is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...

9.8CVSS8.1AI score0.98281EPSS
Exploits7References5
Nuclei
Nuclei
added 12 hours ago147 views

Apache HTTP Server - ACL Bypass

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. id: CVE-2024-38473 info: name: Apache HTTP Server - ACL Bypass author: pdteam severity: high...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago35 views

Apache Druid - Server-Side Request Forgery

Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid.This issue affects all previous Druid versions.When using the Druid management proxy, a request tha...

5.8CVSS7.1AI score0.01656EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago17 views

Mailpit < 1.28.3 - Server-Side Request Forgery

Mailpit = 1.28.0 contains a server-side request forgery caused by insufficient validation of internal IP addresses in the /proxy endpoint, letting attackers make requests to internal network resources, exploit requires crafted HTTP GET requests. id: CVE-2026-21859 info: name: Mailpit 1.28.3 -...

5.8CVSS6.1AI score0.00755EPSS
Exploits2References2
Nuclei
Nuclei
added 12 hours ago17 views

WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure

Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...

5.3CVSS5.9AI score0.00659EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago38 views

Artica Proxy 4.30.000000 - Cross-Site Scripting

Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php. id: CVE-2022-37153 info: name: Artica Proxy 4.30.000000 - Cross-Site Scripting author: arafatansari severity: medium description: | Artica Proxy 4.30.000000 contains a cross-site...

6.1CVSS6.3AI score0.01393EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday12 views

Request-Baskets <= 1.2.1 - Server Side Request Forgery

Request-Baskets = 1.2.1 allows unauthenticated SSRF via the forwardurl parameter when creating a new basket. id: CVE-2023-27163 info: name: Request-Baskets = 1.2.1 - Server Side Request Forgery author: Jaenact severity: medium description: | Request-Baskets = 1.2.1 allows unauthenticated SSRF via...

6.5CVSS6.6AI score0.07497EPSS
Exploits29References4
Nuclei
Nuclei
added yesterday17 views

Squid Proxy - HTTP Authentication Credentials Disclosure

Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...

10CVSS7.2AI score0.6332EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday35 views

PHP Proxy 3.0.3 - Local File Inclusion

PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// a different vulnerability than CVE-2018-19246. id: CVE-2018-19458 info: name: PHP Proxy 3.0.3 - Local File Inclusion author: daffainfo...

7.5CVSS7AI score0.32885EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday29 views

Artica Web Proxy 4.30 - OS Command Injection

Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform. id: CVE-2020-17505 info: name: Artica Web Proxy 4.30 - OS Command Injection author: dwisiswant0...

9CVSS7.2AI score0.82165EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday15 views

LoLLMs WEBUI - Server-Side Request Forgery

LoLLMs WEBUI contains a server-side request forgery caused by unauthenticated access to the /api/proxy endpoint, letting attackers force the server to make arbitrary GET requests, exploit requires no authentication. id: CVE-2026-33340 info: name: LoLLMs WEBUI - Server-Side Request Forgery author:...

9.1CVSS6AI score0.21629EPSS
Exploits3References2
Nuclei
Nuclei
added 2 days ago17 views

LiteLLM - SQL Injection

LiteLLM 1.81.16 to 1.83.7 contains a SQL injection caused by improper handling of caller-supplied key in database query during proxy API key checks, letting unauthenticated attackers read and modify database data, exploit requires crafted Authorization header. id: CVE-2026-42208 info: name: LiteL...

9.8CVSS6.2AI score0.86607EPSS
Exploits7References3
Nuclei
Nuclei
added 2 days ago80 views

Apache Tomcat JK Connect <=1.2.44 - Manager Access

Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is so...

7.5CVSS7AI score0.90647EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago40 views

Geoserver - Server-Side Request Forgery

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host. id: CVE-2021-40822 info: name: Geoserver - Server-Side Request Forgery author: For3stCo1d,aringo-bf severity: high description: GeoServer through 2.18.5 and 2.19.x throug...

7.5CVSS7.1AI score0.18925EPSS
Exploits0References5
Rows per page
Query Builder