CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

CVE-2026-5119

CVE-2026-5119 concerns libsoup. The flaw: when establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext inside the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, enabling ...

CVE-2026-5119

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

Environment Variable Leak

changedetection.io is vulnerable to Environment Variable Leak. The vulnerability is due to the use of the jq env builtin in include filter expressions, where an authenticated user can leak sensitive environment variables including SALTEDPASS, PLAYWRIGHTDRIVERURL, HTTPPROXY, and any secrets passed...

CVE-2026-33981

Technical details for CVE-2026-33981 are not publicly available in the provided documents. No affected products, impact, or remediation are identifiable here. Monitor for updates .

CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...

SUSE CVE-2026-32854

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

Linux Distros Unpatched Vulnerability : CVE-2026-32854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInp...

CVE-2026-32854

A flaw was found in LibVNCServer. This vulnerability allows a remote attacker to cause a Denial of Service DoS by sending specially crafted HTTP requests. The flaw exists in the HTTP proxy handlers, where missing validation of certain return values can lead to a null pointer dereference, causing...

CVE-2026-32854

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

DEBIAN-CVE-2026-32854

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

CVE-2026-32854

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

CVE-2026-33407 Wallos: SSRF via HTTP Proxy Environment Variable

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTPPROXY and HTTPSPROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

LibVNCServer 代码问题漏洞

LibVNCServer is a cross-platform C language library that enables the implementation of VNC Virtual Network Computing server or client functions in programs. Versions of LibVNCServer prior to 0.9.15 have code vulnerabilities due to a null pointer dereferencing issue in the HTTP proxy handler, whic...

curl: HTTP/1.1 Response Desynchronization via conflicting CL/TE headers in Proxy CONNECT

Summary: curl fails to prioritize the Transfer-Encoding: chunked header over Content-Length in HTTP/1.1 proxy responses specifically 407/401 auth challenges, violating RFC 9112 Section 6.1. I have identified the root cause in cf-h1-proxy.c. In the response-handling loop around line 466, the code...

CVE-2026-4528 trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/httpproxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the urlmatchproxyuse function used by the CONNECT operation for an HTTP proxy connection. An attacker in control of an already-authenticated connection can authenticate using its credentials ...

DEBIAN-CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...