CVE-2026-44373

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...

CVE-2026-44373 Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...

CVE-2026-44373

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...

Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

Summary A Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses gr.load to load an attacker-controlled Space, the malicious proxyurl from the config is...

CVE-2026-3293

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

CVE-2026-3293 snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

CVE-2026-3293 snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

PT-2026-22301

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

CVE-2021-31216

Siren Investigate before 11.1.1 contains a server side request forgery SSRF defect in the built-in image proxy route which is enabled by default. An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs...

EUVD-2021-18129

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-31483

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/ route, an attacker can bypass the CSP of the media proxy and execute cross-site...

SUSE CVE-2025-31483

Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/ route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to a weak Content Security Policy on the /proxy/ route. An attacker can bypass the CSP of the media proxy and execute arbitrary JavaScript when opening external images in a new tab or window. Note: This is...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to a weak Content Security Policy on the /proxy/ route. An attacker can bypass the CSP of the media proxy and execute arbitrary JavaScript when opening external images in a new tab or window. Note: This is...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to a weak Content Security Policy on the /proxy/ route. An attacker can bypass the CSP of the media proxy and execute arbitrary JavaScript when opening external images in a new tab or window. Note: This is...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to a weak Content Security Policy on the /proxy/ route. An attacker can bypass the CSP of the media proxy and execute arbitrary JavaScript when opening external images in a new tab or window. Note: This is...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to a weak Content Security Policy on the /proxy/ route. An attacker can bypass the CSP of the media proxy and execute arbitrary JavaScript when opening external images in a new tab or window. Note: This is...

CVE-2024-41813

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery SSRF vulnerability in the /proxy route of txtdot allows remote attackers to use the server as a proxy ...

CVE-2024-41813 txtdot SSRF vulnerability in /proxy

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery SSRF vulnerability in the /proxy route of txtdot allows remote attackers to use the server as a proxy ...

CVE-2024-41813 txtdot SSRF vulnerability in /proxy

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery SSRF vulnerability in the /proxy route of txtdot allows remote attackers to use the server as a proxy ...