116 matches found
Exploit for Improper Input Validation in Hoverfly
CVE-2025-54123 — Hoverfly Middleware API Remote Code Execution...
📄 Hoverfly 1.11.3 Remote Command Execution
This Python script is an exploitation tool targeting a vulnerable Hoverfly API endpoint, specifically the /api/v2/hoverfly/middleware functionality, which allows execution of user-supplied input through a backend binary...
Linux Distros Unpatched Vulnerability : CVE-2026-31842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs....
Tinyproxy 安全漏洞
Tinyproxy is a small, efficient HTTP/SSL proxy daemon developed by Tinyproxy. Versions of Tinyproxy 1.11.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from asynchronous HTTP request parsing, which could lead to denial-of-service attacks or bypassing security chec...
OPENSUSE-SU-2026:20456-1 Security update for tinyproxy
This update for tinyproxy fixes the following issues: Changes in tinyproxy: - CVE-2026-3945: Fixed denial of service by unauthenticated remote attacker boo1261024 - Update to release 1.11.3 conf: add BasicAuthRealm feature basic auth: fix error status 401 vs 407 tinyproxy.conf.5: explain what a...
Security update for tinyproxy (important)
openSUSE Security Update: Security update for tinyproxy Announcement ID: openSUSE-SU-2026:0111-1 Rating: important References: 1261024 Cross-References: CVE-2026-3945 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...
Linux Distros Unpatched Vulnerability : CVE-2026-3945
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote...
EUVD-2026-17066
An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...
UBUNTU-CVE-2026-3945
An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...
CVE-2026-3945
An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...
CVE-2026-3945
Tinyproxy (up to 1.11.3) contains an integer overflow in the HTTP chunked transfer encoding parser. Chunk sizes are parsed with strtol() without proper overflow validation, allowing a crafted size (e.g., LONG_MAX) to bypass checks and overflow arithmetic (chunklen + 2). This can cause the proxy t...
Exploit for OS Command Injection in Hoverfly
CVE-2025-54123 A PoC demonstrating a RCE in Hoverfly version...
SUSE CVE-2026-24851
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...
CVE-2026-24851
An access control flaw has been discovered in OpenFGA. The vulnerability requires a model that has a a relation directly assignable by a type bound public access and assignable by type bound non-public access, a tuple assigned for the relation that is a type bound public access, a tuple assigned...
CVE-2026-24851 OpenFGA Improper Policy Enforcement
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...
EUVD-2026-5633
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...
CVE-2026-24851 OpenFGA Improper Policy Enforcement
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...
CVE-2026-24851
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...
OpenFGA Improper Policy Enforcement
Impact OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22 = Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check calls are executed. Affected Users Users are affected by this vulnerability if all of the following preconditions are met: -...
GHSA-JQ9F-GM9W-RWM9 OpenFGA Improper Policy Enforcement
Impact OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22 = Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check calls are executed. Affected Users Users are affected by this vulnerability if all of the following preconditions are met: -...