Lucene search
K

262 matches found

EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-44823

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/07/03 8:16 a.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the process of reusing a handle for sequential transfers with environment-variable proxy configuration. An attacker can cause sensitive authentication headers to be sent to an...

9.1CVSS6AI score0.00752EPSS
Exploits1References2
OSV
OSV
added 2026/06/23 6:15 p.m.3 views

CVE-2026-53755 Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...

8.6CVSS6AI score0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50525

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0 Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials...

5.9CVSS5.2AI score0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-50166

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.9 Description The Docker API server fails to apply Server-Side Request Forgery SSRF destination checks to proxy addresses, only validating the crawl target URL. Because the Docker API is unauthenticated by defaul...

8.6CVSS5.8AI score0.00289EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.34 views

CVE-2026-53832 OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...

7.7CVSS0.00102EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 9:56 p.m.4 views

CVE-2026-53832 OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...

7.4CVSS5.9AI score0.00102EPSS
Exploits0References5
OSV
OSV
added 2026/06/11 3:30 p.m.1 views

CVE-2026-44489 Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...

3.7CVSS5.9AI score0.00228EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

VMware Spring AMQP 信任管理问题漏洞

VMware Spring AMQP is a message queue integration framework developed by VMware, Inc. There is a vulnerability related to trust management in VMware Spring AMQP. This vulnerability arises when configuring a proxy connection using RabbitConnectionFactoryBean.setUriamqps://…, without calling...

4CVSS5.3AI score0.00132EPSS
Exploits0References1
Debian
Debian
added 2026/06/05 7:58 a.m.14 views

[SECURITY] [DLA 4615-1] exim4 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4615-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 05, 2026 https://wiki.debian.org/LTS -...

5.3CVSS5.3AI score0.00264EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/30 1:50 a.m.12 views

CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 9:34 p.m.3 views

CVE-2026-44213 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

6.5CVSS6AI score0.00207EPSS
Exploits0References3
CVE
CVE
added 2026/05/26 9:34 p.m.23 views

CVE-2026-44213

The CVE affects the OpenTelemetry.Exporter.Instana NuGet package. Before version 1.1.0, when INSTANA_ENDPOINT_PROXY is set, the Transport.ConfigureBackendClient() code creates an HttpClient that disables TLS certificate validation, allowing a network attacker to perform a MitM on the proxy and re...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:34 p.m.9 views

CVE-2026-44213

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/26 9:34 p.m.43 views

CVE-2026-44213 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

6.5CVSS0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

OpenTelemetry Collector Contrib 信任管理问题漏洞

OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry Collector Contrib prior to 1.1.0 contained a trust management vulnerability. This vulnerability stemmed from the lack of validation of HTTPS/TL...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in libproxy

In libproxy, the url.cpp module in version 0.4.15 is vulnerable to a buffer overflow when PAC is enabled. This vulnerability was confirmed by using a large PAC file that was sent without a Content-length header...

9.8CVSS8.7AI score0.03569EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 8:50 a.m.8 views

BIT-NGINX-GATEWAY-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00339EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from security bypasses in the proxy’s config.patch and config.apply endpoints, which failed to protect...

7.1CVSS5.8AI score0.00218EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/08 8:48 p.m.12 views

OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

Summary The OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. If a network attacker can Man-in-the-Middle MitM the...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder