Lucene search
+L

181 matches found

Github Security Blog
Github Security Blog
added 2026/03/12 2:23 p.m.11 views

SiYuan has a Full-Read SSRF via /api/network/forwardProxy

Summary The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/11 9:16 p.m.8 views

CVE-2026-32110

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS0.00278EPSS
Exploits1References1
OSV
OSV
added 2026/03/11 8:38 p.m.4 views

CVE-2026-32110 SiYuan has a Full-Read SSRF via /api/network/forwardProxy

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References3
CVE
CVE
added 2026/03/11 8:38 p.m.16 views

CVE-2026-32110

SiYuan (personal knowledge management system) suffers a Full-Read SSRF via the /api/network/forwardProxy endpoint prior to version 3.6.0. Authenticated users can supply a user-controlled URL and trigger the server to fetch arbitrary HTTP resources, with the system returning the full response body...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/11 8:38 p.m.32 views

CVE-2026-32110 SiYuan has a Full-Read SSRF via /api/network/forwardProxy

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS0.00278EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 8:38 p.m.4 views

CVE-2026-32110

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.5 views

SiYuan 代码问题漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of URL validation in the/api/network/forwardProxy endpoint. This allowed authenticated users to make...

8.3CVSS7.5AI score0.00278EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.8 views

PT-2026-24836

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.0 Description SiYuan is a personal knowledge management system. The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a...

9.9CVSS7.2AI score0.22162EPSS
Exploits70References137
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.11 views

CVE-2022-23016

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS a...

7.5CVSS6.8AI score0.0092EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.4 views

TencentOS Server 3: mod_http2 (TSSA-2022:0259)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0259 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.2CVSS7.5AI score0.82295EPSS
Exploits1References3
Veracode
Veracode
added 2025/11/04 5:40 a.m.6 views

Use-After-Free

github.com/envoyproxy/envoy is vulnerable to a Use-After-Free. The vulnerability is due to improper handling of DNS cache operations in the Dynamic Forward Proxy implementation, where a completion callback can trigger new or remove existing DNS resolutions, which allows an attacker to cause...

7.5CVSS6.6AI score0.0044EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2025/10/17 12:0 a.m.5 views

F5 BIG-IP SSL Orchestrator Memory Corruption Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A memory corruption vulnerability exists in the Explicit Forward Proxy module of the BIG-IP SSL Orchestrator. The vulnerabilit...

8.7CVSS6.9AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/16 2:51 p.m.5 views

CVE-2025-55036

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.8AI score0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/15 3:30 p.m.8 views

EUVD-2025-34645

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.3AI score0.00324EPSS
Exploits0References2
OSV
OSV
added 2025/10/15 2:15 p.m.2 views

CVE-2025-55036

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 2:15 p.m.7 views

CVE-2025-55036

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/15 1:55 p.m.3 views

CVE-2025-55036 BIG-IP SSL Orchestrator vulnerability

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.4AI score0.00324EPSS
Exploits0References1
CVE
CVE
added 2025/10/15 1:55 p.m.19 views

CVE-2025-55036

CVE-2025-55036 affects F5 BIG-IP SSL Orchestrator. When an explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic can trigger a memory corruption in the Explicit Forward Proxy component, leading to degraded performance or a DoS via T...

8.7CVSS6.4AI score0.00324EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.6 views

F5 BIG-IP和F5 SSL Orchestrator 缓冲区错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A memory corruption vulnerability exists in the Explicit Forward Proxy module of the BIG-IP SSL Orchestrator. The vulnerabilit...

8.7CVSS6.8AI score0.00324EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/15 12:0 a.m.5 views

F5 Networks BIG-IP : BIG-IP SSL Orchestrator vulnerability (K000151368)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6 / 17.1.3. It is, therefore, affected by a vulnerability as referenced in the K000151368 advisory. When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy conne...

8.7CVSS5.6AI score0.00324EPSS
Exploits0References2
Rows per page
Query Builder