48 matches found
CVE-2026-44213
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate that HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...
ClipBucket-EDB-44250
ClipBucket-EDB-44250 Unauthenticated Remote Code Execution in...
CVE-2026-45232
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...
Server-Side Request Forgery (SSRF)
Axios is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to inadequate hostname normalization and reliance on string matching in proxy bypass logic, which allows an attacker to route local requests through a proxy instead of bypassing it...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to the handling of HTTPS redirects when a proxy is configured and set_follow_location is enabled. An attacker can intercept sensitive information by presenting a forged, expired, or self-signed...
AZL-76373 CVE-2026-1467 affecting package libsoup for versions less than 3.4.4-12
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...
CVE-2026-1467 Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...
PT-2026-25380
Name of the Vulnerable Software and Affected Versions: cpp-httplib versions prior to 0.37.2. Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. When a cpp-httplib client is configured with a proxy and set_follow_location(true), HTTPS redirects can silently...
CVE-2025-65083
GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succee...
EUVD-2025-197811
GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succee...
CVE-2025-65083
GoSign Desktop up to version 2.4.1: when configured to use a proxy, TLS certificate validation is disabled, allowing potential integrity bypass for outbound HTTPS connections to Internet servers through an arbitrary proxy. This behavior is outside the product’s intended security model, which expe...
EUVD-2006-5803
Malware in sbrugna...
EUVD-2024-53433
Malicious code in bioql PyPI...
Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products
Overview: HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below. Improper Restriction of Rendered UI Layers or Frames (CWE-1021) - CVE-2025-24310; Allocation of Resources Without Limits or Throttling (CWE-770) -...
Citrix Infrastructure Monitoring- issue with adding new PVS/SF servers for monitoring from Cloud UI
When an Admin tries to add/register new PVS or StoreFront servers for monitoring, the error message appears: "Incorrect token. Ensure you copy and paste the token correctly." The token is valid. A network trace shows a 500 response code when the request is sent to...
PT-2025-7409 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0; Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.9; Hitachi Vantara Pentaho Business Analytics Server version 8.3.x. Description: The web serv...
Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024
CVE-2024-4358: A vulnerability detection and mass exploitation...
PT-2023-8836 · Nextchat · Nextchat
Name of the Vulnerable Software and Affected Versions: NextChat versions 2.11.2 and prior Description: The issue concerns a server-side request forgery and cross-site scripting vulnerability in NextChat, also known as ChatGPT-Next-Web. This vulnerability enables read access to internal HTTP...
CVE-2023-42261
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...