Lucene search
K

122 matches found

OSV
OSV
added 2026/06/25 5:17 p.m.3 views

DEBIAN-CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 2:20 p.m.10 views

EUVD-2026-37760

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/19 2:20 p.m.10 views

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-6734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the...

8.8CVSS6.7AI score0.00323EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/17 6:21 p.m.8 views

Origin Validation Error

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 6:18 p.m.15 views

CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS0.00459EPSS
Exploits0References11
NVD
NVD
added 2026/06/17 6:18 p.m.12 views

CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS0.00323EPSS
Exploits0References11
OSV
OSV
added 2026/06/17 6:18 p.m.3 views

UBUNTU-CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 4:36 p.m.24 views

CVE-2026-6734 undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

7.5CVSS0.00323EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/17 4:36 p.m.5 views

CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS5.9AI score0.00323EPSS
Exploits0
OSV
OSV
added 2026/05/25 2:0 p.m.15 views

EEF-CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Summary Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/...

8.2CVSS5.7AI score0.00703EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.71 views

📄 Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure

Bichon version 1.0.2 suffers from a SOCKS5 proxy topology disclosure vulnerability via /list-proxy. Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure via /list-proxy ============================================================= Vendor: rustmailer Product: Bichon - self-hosted email archiving server...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Heap-based Buffer Overflow (CVE-2023-38545)

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes. If the hostname ...

9.8CVSS7.1AI score0.78483EPSS
Exploits6References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-2465

Malware in sbrugna...

5CVSS9.3AI score0.01991EPSS
Exploits0References21
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-23192

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00541EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-32624

Malicious code in bioql PyPI...

7.8CVSS8.1AI score0.00381EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/10/02 1:7 p.m.9 views

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Cybersecurity researchers have flagged a malicious package on the Python Package Index PyPI repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive...

6.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/30 12:0 a.m.12 views

PT-2025-31441 · Vproxy · Vproxy

Name of the Vulnerable Software and Affected Versions: vproxy versions 2.3.3 and below Description: vproxy is an HTTP/HTTPS/SOCKS5 proxy server. Untrusted data from the user-controlled HTTP Proxy-Authorization header is passed to Extension::try from and then to parse ttl extension where it is...

7.5CVSS6.3AI score0.00541EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2025/07/14 12:0 a.m.3 views

libcurl SOCKS5 Heap Buffer Overflow Vulnerability (Oct 2023)

libcurl is prone to a heap buffer overflow vulnerability in the SOCKS5 proxy handshake. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS9.9AI score0.78483EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:31 a.m.7 views

CVE-2023-29011

Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...

7.8CVSS6.7AI score0.00381EPSS
Exploits0References1
Rows per page
Query Builder