Lucene search
K

22686 matches found

OSV
OSV
added 2026/06/08 11:55 p.m.10 views

GHSA-QPGP-93VX-G8V8 Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

7.5CVSS5.8AI score0.0007EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/08 11:55 p.m.29 views

Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

5.8AI score0.0007EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/08 11:27 p.m.38 views

CVE-2026-11643

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

0.00271EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 11:27 p.m.32 views

CVE-2026-11643

CVE-2026-11643 : Use-after-free in Proxy handling of Google Chrome before version 149.0.7827.103 allows a remote attacker to execute arbitrary code via malicious network traffic. Impact is rated high/critical; exploit would require network access with no user interaction. The documented remediati...

8.1CVSS6AI score0.00271EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.5 views

CVE-2026-11643

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.1CVSS6AI score0.00271EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 11:27 p.m.8 views

CVE-2026-11643

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

6AI score0.00271EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/08 11:27 p.m.11 views

CVE-2026-11643

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.1CVSS6AI score0.00271EPSS
Exploits0
NVD
NVD
added 2026/06/08 8:17 p.m.20 views

CVE-2026-40519

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS0.00921EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:28 p.m.6 views

CVE-2026-40519

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/08 7:28 p.m.76 views

CVE-2026-40519

Nginx Proxy Manager versions 2.9.14–2.15.1 are affected by an authenticated remote code execution via OS command injection in backend/setup.js (setupCertbotPlugins). The user-controlled dns_provider_credentials field is interpolated directly into a shell command executed with child_process.exec()...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 7:28 p.m.13 views

EUVD-2026-35196

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/08 7:28 p.m.9 views

CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS6.7AI score0.00921EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 7:28 p.m.45 views

CVE-2026-40519 Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins function in backend/setup.js, allowing attackers with certificates:manage permission to execute arbitrary...

7.7CVSS0.00921EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 6:38 p.m.6 views

Security Bulletin: Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0

Summary Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checki...

9.9CVSS5.5AI score0.01186EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/06/08 5:16 p.m.9 views

CVE-2026-39908

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...

7.1CVSS0.00314EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 5:16 p.m.23 views

CVE-2026-25855

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8CVSS0.0057EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/08 5:16 p.m.13 views

CVE-2026-10532

A flaw was found in the logback-core component of QOS.CH Sarl logback. This deserialization of untrusted data vulnerability allows a remote attacker, by influencing serialized data sent to SimpleSocketServer or SimpleSSLSocketServer, to instantiate Proxy objects. Although heavily restricted by...

6.3CVSS5.6AI score0.00342EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 4:49 p.m.11 views

EUVD-2026-35134

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8CVSS6.7AI score0.0057EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 4:49 p.m.7 views

CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8CVSS6.7AI score0.0057EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 4:49 p.m.40 views

CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8CVSS0.0057EPSS
Exploits0References2
Rows per page
Query Builder