Lucene search
K

1330 matches found

CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

Squid 安全漏洞

Squid is a set of open-source proxy servers and web caching servers developed by Squid. This software provides features such as caching the World Wide Web, filtering traffic, and proxy access. Versions of Squid prior to 7.5 contained security vulnerabilities; these vulnerabilities stemmed from th...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.11 views

Squid 安全漏洞

Squid is a set of open-source proxy servers and web caching servers developed by Squid. This software provides features such as caching the World Wide Web, filtering traffic, and proxy access. Versions of Squid prior to 7.5 contained security vulnerabilities, which were caused by improper input...

6.9CVSS5.8AI score0.01039EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/03/24 5:31 p.m.3 views

CVE-2026-32854

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

7.5CVSS5.4AI score0.05322EPSS
Exploits1
EUVD
EUVD
added 2026/03/23 9:30 p.m.8 views

EUVD-2026-14547

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server leading to User Session Mixup...

7.7CVSS5.8AI score0.03618EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/16 3:14 p.m.4 views

aenvironment (=0.1.7rc1), agent-mcp-server (=0.0.4.0) +301 more potentially affected by CVE-2025-69196 via fastmcp (>=0.1.0 <=2.14.1)

fastmcp PYPI version =0.1.0, =1.0.0, =0.4.6, =1.8.0, =0.1.1, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.1.0, =0.2.7, =1.0.0rc1, =0.1.0, =0.1.1 - arthub-mcp-server =0.2.0 and more Source cves: CVE-2025-69196 Source advisory: OSV:GHSA-5H2M-4Q8J-PQPJ...

7.4CVSS5.7AI score0.00358EPSS
Exploits1
NVD
NVD
added 2026/03/11 11:16 a.m.4 views

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS0.00302EPSS
Exploits1References5
OSV
OSV
added 2026/03/11 10:9 a.m.5 views

CVE-2026-3784 wrong proxy connection reuse with credentials

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS6.8AI score0.00302EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/02/10 8:18 p.m.5 views

CVE-2026-1495

The vulnerability, if exploited, could allow an attacker with Event Log Reader S-1-5-32-573 privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server...

6.5CVSS5.5AI score0.00112EPSS
Exploits0References2
CVE
CVE
added 2026/02/10 8:18 p.m.16 views

CVE-2026-1495

CVE-2026-1495 concerns an information-insertion vulnerability in AVEVA PI to CONNECT Agent. The CVE describes that an attacker with Event Log Reader privileges (S-1-5-32-573) can access proxy details, including the proxy URL and credentials, from the PI to CONNECT event log files. This could enab...

6.5CVSS5.5AI score0.00112EPSS
Exploits0References1
ICS
ICS
added 2026/02/10 7:0 a.m.6 views

AVEVA PI to CONNECT Agent

RISK EVALUATION Successful exploitation of this vulnerability could result in an unauthorized access to the proxy server. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...

6.5CVSS5.7AI score0.00112EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/12/18 10:37 p.m.6 views

CVE-2025-66029

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

7.6CVSS6.9AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/17 12:0 a.m.10 views

CVE-2025-65083

GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succee...

3.2CVSS0.00108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.6 views

PT-2025-47160

Name of the Vulnerable Software and Affected Versions GoSign Desktop versions through 2.4.1 Description GoSign Desktop versions through 2.4.1 disable TLS certificate validation when configured to use a proxy server. This occurs if a user selects a proxy server without verifying that outbound HTTP...

3.2CVSS6.8AI score0.00108EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2025/11/12 12:0 a.m.3 views

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2366)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01149EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.6 views

Debian dla-4369 : squid - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4369 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4369-1 [email protected]...

10CVSS5.4AI score0.6332EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2025/10/10 7:22 p.m.3 views

CVE-2025-61919 Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefo...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References4
OSV
OSV
added 2025/10/10 7:22 p.m.4 views

CVE-2025-61919 Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefo...

7.5CVSS6.5AI score0.00605EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.6 views

PT-2025-41595

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.20 Rack versions prior to 3.1.18 Rack versions prior to 3.2.3 Description Rack is a modular Ruby web server interface. In versions prior to 2.2.20, 3.1.18, and 3.2.3, the Rack::RequestPOST method reads the entire...

7.8CVSS6.8AI score0.00911EPSS
Exploits0References77
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-4579

Malware in sbrugna...

7.5CVSS7.5AI score0.01014EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-2065

Malware in sbrugna...

5.8CVSS6.4AI score0.02195EPSS
Exploits0References4
Rows per page
Query Builder