Lucene search
K

310 matches found

AlpineLinux
AlpineLinux
added 2026/05/25 8:16 p.m.20 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.14 views

PT-2026-43123

Name of the Vulnerable Software and Affected Versions PuTTY versions 0.77 through 0.83 Description The software uses a copy of the PuTTY icon to indicate trust for TELNET data. However, the trust status is not cleared between the proxy authentication phase and the main session, which may lead to...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

PuTTY 安全漏洞

PuTTY is a suite of free Telnet, Rlogin and SSH client software from the individual developer Simon Tatham. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions prior to 0.84 that stems from using a copy of the PuTTY icon as ...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 5:52 p.m.11 views

CLSA-2026-1779372207 curl: Fix of CVE-2026-7168

CVE-2026-7168: clear proxy Digest auth state when CURLOPTPROXY is reassigned to a different proxy host on the same easy handle so a stale Proxy-Authorization header is not replayed to the new proxy...

5.3CVSS5.8AI score0.00471EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM from 1.80.5 to 1.83.7 contained a security vulnerability. This vulnerability stemmed from the POST /prompts/test endpoint accepting user-provided...

8.8CVSS6.3AI score0.00373EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/28 6:10 p.m.2 views

CVE-2026-41404 OpenClaw < 2026.3.31 - Operator Admin Privilege Escalation via Trusted-Proxy Authentication

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to persist on...

8.8CVSS5.3AI score0.0034EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from incomplete range clearance issues in the trusted proxy authentication mode, which could allow attackers...

8.8CVSS5.8AI score0.0034EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.8 views

PT-2026-35787

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to persist on...

8.8CVSS5.3AI score0.0034EPSS
Exploits0References6
Hacker One
Hacker One
added 2026/04/27 2:54 a.m.31 views

curl: CVE-2026-7168: cross-proxy Digest auth state leak

Summary: On libcurl 8.19.0, Proxy Digest state learned from proxyA survives an independent transfer boundary on a reused easy handle and is emitted preemptively to proxyB when the proxy is changed. In the attached C PoC, the first CONNECT to proxyB carries Proxy-Authorization: Digest ... built fr...

5.3CVSS5.5AI score0.00471EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 p.m.6 views

CVE-2026-40606

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

4.8CVSS5.7AI score0.00166EPSS
Exploits1References1
PyPA
PyPA
added 2026/04/21 6:16 p.m.18 views

PYSEC-2026-92

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

4.8CVSS5.7AI score0.00166EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 5:43 p.m.7 views

CVE-2026-40606 ProxyAuth Addon LDAP Injection in mitmproxy

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

4.8CVSS5.7AI score0.00166EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/14 1:8 a.m.6 views

LDAP Injection

Overview mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Affected versions of this package are vulnerable to LDAP Injection through the Ldap authentication handler in mitmproxy/addons/proxyauth.py. An attacker can...

8.3CVSS5.8AI score0.00166EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.10 views

PT-2026-33226

Name of the Vulnerable Software and Affected Versions mitmproxy versions prior to 12.2.2 Description The builtin LDAP proxy authentication fails to correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. This issue only affects...

4.8CVSS5.2AI score0.00166EPSS
Exploits1References7
OSV
OSV
added 2026/04/12 8:35 a.m.4 views

SUSE-SU-2026:1281-1 Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.170 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

7.8CVSS5.8AI score0.00204EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.4 views

CVE-2026-35607

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the...

8.8CVSS6.1AI score0.00383EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/08 12:5 a.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...

8.8CVSS5.9AI score0.00383EPSS
Exploits1References2
OSV
OSV
added 2026/04/08 12:5 a.m.2 views

GHSA-7526-J432-6PPP File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands

Summary The fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the signup handler. The same fix was not applied to the proxy auth handler. Users auto-created on first successful proxy-auth login are granted executi...

8.1CVSS6.1AI score0.00383EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/08 12:5 a.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...

8.8CVSS5.9AI score0.00383EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/08 12:5 a.m.3 views

EUVD-2026-19782

File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands...

8.1CVSS5.9AI score0.00383EPSS
Exploits1References3
Rows per page
Query Builder