164 matches found
DEBIAN-CVE-2025-23217
mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
UBUNTU-CVE-2025-23217
mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
CVE-2025-23217
mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
PT-2025-5851 · Mitmproxy +3 · Mitmproxy +3
Name of the Vulnerable Software and Affected Versions: mitmweb versions 11.1.1 and below; mitmproxy versions 11.1.1 and below. Description: A malicious client can use mitmweb's proxy server to access mitmweb's internal API, potentially leading to remote code execution. The mitmproxy and mitmdump...
CVE-2024-11481
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...
CVE-2024-27168
It appears that some hardcoded keys are used for authentication to the internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL...
CVE-2024-27168 Hardcoded keys used to generate authentication cookies
It appears that some hardcoded keys are used for authentication to the internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL...
CVE-2024-27168
CVE-2024-27168 involves hardcoded keys used to generate authentication cookies for internal APIs on Toshiba e‑STUDIO/MFP devices. Connected sources describe that private keys may let an attacker bypass authentication and reach the administrative interfaces, enabling information disclosure or cont...
CVE-2024-27163 Leak of admin password and passwords
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing an XSS vulnerability can recover this password in clear-text and compromise the...
CVE-2024-27163
CVE-2024-27163 affects Toshiba printers (notably MFPs/e-Studio). It exposes admin passwords (and additional passwords) in clear-text when two specific HTTP requests are sent to the internal API; an attacker who can steal an admin cookie or exploit XSS can recover these passwords and compromise th...
PT-2024-22652 · Dell · Dell Scg
Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.24.00.00. Description: The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal update REST API. This API is only accessible if enabled by an Admin user from the UI. A...
MGASA-2024-0079 Updated libuv packages fix security vulnerability
It was discovered that the uv_getaddrinfo function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. CVE-2024-24806...
Internet Bug Bounty: Libuv: Improper Domain Lookup that potentially leads to SSRF attacks
The vulnerability in the libuv library was caused by the improper truncation of hostnames to 256 characters before calling the getaddrinfo function. This behavior allowed the creation of addresses like 0x00007f000001, which were considered valid by getaddrinfo, potentially leading to SSRF attacks...
CVE-2023-29051
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...
Malicious code in @mendeley-internal/api (npm)
Source: ghsa-malware 1bf5f20cb296d38e4859cdddfe26a5243135d149cd3f20f393a7a088c159110c. Withdrawn Advisory: This advisory has been withdrawn because it was generated erroneously. This link is maintained to preserve external references. Origin...
Private APIs at Risk: Q1-2023 API ThreatStats™ Report
According to a Mar-2022 API survey by Gartner, 98% of organizations use or are planning to use internal APIs – up from 88% in 2019. And 90% of organizations use or are planning to use private APIs provided by partners – up from 68% in 2019. Obviously, there’s a big blind spot in your API security...