CVE-2026-25738

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of...

Security update for apptainer

This update for apptainer fixes the following issues: Security fixes: CVE-2024-45310: Fixed runc being tricked into creating empty files/directories on host bsc1257432 CVE-2025-65105: Fixed security bypass due to disabling security options bsc1255462 CVE-2025-47914: Fixed malformed constraint may...

SUSE-SU-2026:0439-1 Security update for apptainer

This update for apptainer fixes the following issues: Security fixes: - CVE-2024-45310: Fixed runc being tricked into creating empty files/directories on host bsc1257432 - CVE-2025-65105: Fixed security bypass due to disabling security options bsc1255462 - CVE-2025-47914: Fixed malformed constrai...

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

MiracleLinux 7 : curl-7.29.0-59.el7.2 (AXSA:2023-7014:15)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7014:15 advisory. curl: Use-after-free triggered by an HTTP proxy deny response CVE-2022-43552 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2022-3736:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3736:01 advisory. golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header...

MiracleLinux 9 : grafana-pcp-3.2.0-3.el9 (AXSA:2023-4824:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4824:01 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang:...

MiracleLinux 7 : curl-7.29.0-25.0.1.el7.AXS7 (AXSA:2015-843:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-843:01 advisory. curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FIL...

MiracleLinux 4 : spice-gtk-0.20-11.AXS4 (AXSA:2014-014:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-014:01 advisory. Client libraries for SPICE desktop servers. Security issues fixed with this release: CVE-2013-4324 spice-gtk 0.14, and possibly other versions, invokes the...

MiracleLinux 7 : php55-php-5.5.21-5.el7 (AXSA:2016-632:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-632:01 advisory. Security issues fixed with this release: CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore...

MiracleLinux 4 : php-5.3.3-48.AXS4 (AXSA:2016-621:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-621:04 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...

CVE-2022-23021

On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP...

CVE-2024-41813

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery SSRF vulnerability in the /proxy route of txtdot allows remote attackers to use the server as a proxy ...

How to Configure HTTP Proxy for Linux-based Veeam Components

Purpose This article documents how to configure HTTP and HTTPS Proxy settings for Linux-based components, including the Veeam Software Appliance and JeOS-deployed Veeam Infrastructure Appliances, in environments where a proxy must be used to access the internet. Note: For proxy configuration...

Security Bulletin: IBM Edge Data Collector uses http-proxy-middleware - 2.0.7 which is vulnerable to CVE-2025-32996, CVE-2025-32997.

Summary IBM Edge Data Collector uses http-proxy-middleware - 2.0.7 which is vulnerable to CVE-2025-32996, CVE-2025-32997. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-32996 DESCRIPTION: In http-proxy-middleware before 2.0.8 and 3.x before...

[SECURITY] Fedora 43 Update: golang-github-openprinting-ipp-usb-0.9.30-7.fc43

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...

EUVD-2025-37135

Malicious code in epic-http-proxy npm...

Malicious code in epic-http-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 863036bf2f0ff62d106f010a0cc099bd3c46d4e9523731ae59449678897ee556 The package epic-http-proxy was found to contain malicious code...

MAL-2025-49158 Malicious code in epic-http-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 863036bf2f0ff62d106f010a0cc099bd3c46d4e9523731ae59449678897ee556 The package epic-http-proxy was found to contain malicious code...