22392 matches found
CVE-2026-11643
CVE-2026-11643 : Use-after-free in Proxy handling of Google Chrome before version 149.0.7827.103 allows a remote attacker to execute arbitrary code via malicious network traffic. Impact is rated high/critical; exploit would require network access with no user interaction. The documented remediati...
CVE-2026-40519
Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...
CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()
Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...
CVE-2026-40519
Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...
EUVD-2026-35196
Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...
CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()
Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...
CVE-2026-40519
Nginx Proxy Manager versions 2.9.14–2.15.1 are affected by an authenticated remote code execution via OS command injection in backend/setup.js (setupCertbotPlugins). The user-controlled dns_provider_credentials field is interpolated directly into a shell command executed with child_process.exec()...
Security Bulletin: Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0
Summary Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checki...
CVE-2026-39908
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...
CVE-2026-25855
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...
CVE-2026-10532
A flaw was found in the logback-core component of QOS.CH Sarl logback. This deserialization of untrusted data vulnerability allows a remote attacker, by influencing serialized data sent to SimpleSocketServer or SimpleSSLSocketServer, to instantiate Proxy objects. Although heavily restricted by...
CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...
EUVD-2026-35134
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...
CVE-2026-25855
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...
CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...
CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...
CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...
CVE-2026-39908
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...
CVE-2026-39908
OpenBullet2 ≤ v0.3.2 on Windows suffers a credential disclosure via a UNC-path proxy source. When a job loads proxies from an attacker-controlled UNC path, an SMB authentication occurs and reveals the NTLMv2 hash of the process user, enabling relay or offline cracking. Affected component is the p...
CVE-2026-34356
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...