262 matches found
EUVD-2026-44823
PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the process of reusing a handle for sequential transfers with environment-variable proxy configuration. An attacker can cause sensitive authentication headers to be sent to an...
CVE-2026-53755 Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...
PT-2026-50525
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0 Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials...
PT-2026-50166
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.9 Description The Docker API server fails to apply Server-Side Request Forgery SSRF destination checks to proxy addresses, only validating the crawl target URL. Because the Docker API is unauthenticated by defaul...
CVE-2026-53832 OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...
CVE-2026-53832 OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...
CVE-2026-44489 Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix
Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...
VMware Spring AMQP 信任管理问题漏洞
VMware Spring AMQP is a message queue integration framework developed by VMware, Inc. There is a vulnerability related to trust management in VMware Spring AMQP. This vulnerability arises when configuring a proxy connection using RabbitConnectionFactoryBean.setUriamqps://…, without calling...
[SECURITY] [DLA 4615-1] exim4 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4615-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 05, 2026 https://wiki.debian.org/LTS -...
CVE-2026-48840
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...
CVE-2026-44213 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...
CVE-2026-44213
The CVE affects the OpenTelemetry.Exporter.Instana NuGet package. Before version 1.1.0, when INSTANA_ENDPOINT_PROXY is set, the Transport.ConfigureBackendClient() code creates an HttpClient that disables TLS certificate validation, allowing a network attacker to perform a MitM on the proxy and re...
CVE-2026-44213
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...
CVE-2026-44213 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...
OpenTelemetry Collector Contrib 信任管理问题漏洞
OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry Collector Contrib prior to 1.1.0 contained a trust management vulnerability. This vulnerability stemmed from the lack of validation of HTTPS/TL...
Astra Linux – Vulnerability in libproxy
In libproxy, the url.cpp module in version 0.4.15 is vulnerable to a buffer overflow when PAC is enabled. This vulnerability was confirmed by using a large PAC file that was sent without a Content-length header...
BIT-NGINX-GATEWAY-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from security bypasses in the proxy’s config.patch and config.apply endpoints, which failed to protect...
OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured
Summary The OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. If a network attacker can Man-in-the-Middle MitM the...