Lucene search
K

1332 matches found

Cvelist
Cvelist
added 2026/05/08 3:38 a.m.72 views

CVE-2026-42208 LiteLLM: SQL injection in Proxy API key verification

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An...

9.3CVSS0.86607EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:36 a.m.7 views

CVE-2026-42203

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...

8.6CVSS6AI score0.00373EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/06 11:48 a.m.22 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.7AI score0.00254EPSS
Exploits1References5
OSV
OSV
added 2026/05/05 9:15 p.m.2 views

GHSA-7XP7-M392-H92C @evomap/evolver has an unbounded request body in proxy /asset/submit that causes persistent disk-exhaustion DoS

Summary The EvoMap proxy daemon's HTTP body parser accepts requests of any size, and the POST /asset/submit route persists the full request body — verbatim and uncapped — as a JSONL line in /messages.jsonl. An unauthenticated local attacker other local user, container neighbor, or malicious npm...

6.2CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/05 12:0 a.m.8 views

UBUNTU-CVE-2026-34032

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.3CVSS5.8AI score0.00485EPSS
Exploits0References3
NVD
NVD
added 2026/05/01 4:16 p.m.8 views

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

7.5CVSS0.00286EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.7 views

RHEL 9 : squid (RHSA-2026:10257)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:10257 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Deni...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.10 views

RHEL 9 : squid (RHSA-2026:10256)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:10256 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Deni...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References6
OSV
OSV
added 2026/04/15 12:7 p.m.9 views

RLSA-2026:8119 Important: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling CVE-2026-33526 Squid: Squid: Denial of Service via crafted ICP traffic CVE-2026-32748 For...

7.5CVSS5.8AI score0.08942EPSS
Exploits0References3
NVD
NVD
added 2026/04/13 2:16 a.m.3 views

CVE-2026-6143

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can ...

6.5CVSS0.00189EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/13 1:15 a.m.1 views

CVE-2026-6143 farion1231 cc-switch ProxyServer server.rs cross-domain policy

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can ...

6.5CVSS6.2AI score0.00189EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/13 1:15 a.m.55 views

CVE-2026-6143 farion1231 cc-switch ProxyServer server.rs cross-domain policy

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can ...

6.5CVSS0.00189EPSS
Exploits0References7
CVE
CVE
added 2026/04/13 1:15 a.m.13 views

CVE-2026-6143

The vulnerability CVE-2026-6143 affects farion1231 cc-switch up to version 3.12.3. It targets the file src-tauri/src/proxy/server.rs in the ProxyServer component, enabling a permissive cross-domain policy with untrusted domains. This is a remote-attack vector, with the exploit publicly released. ...

6.5CVSS6.2AI score0.00189EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/01 10:58 a.m.6 views

CVE-2025-41355

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

5.1CVSS6AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 10:58 a.m.4 views

CVE-2025-41356

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

5.1CVSS6AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 10:58 a.m.4 views

CVE-2025-41357

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

5.1CVSS6AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 9:31 a.m.3 views

EUVD-2025-209139

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

5.1CVSS6AI score0.00194EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 9:31 a.m.4 views

EUVD-2025-209137

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

5.1CVSS6AI score0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 9:16 a.m.5 views

CVE-2025-41355

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

6.1CVSS0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 9:16 a.m.5 views

CVE-2025-41357

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

6.1CVSS0.00194EPSS
Exploits0References1
Rows per page
Query Builder