16 matches found
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the uri parameter being passed directly to urllib.request.urlopen, which allows fetching resources using unsupported schemes such as file, ftp, and data. An attacker can access...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via improper hostname normalization in the NOPROXY environment variable. An attacker controlling reques...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview @astrojs/vercel is a Deploy your site to Vercel Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the x-astro-path header or xastropath query parameter, which allows overriding internal request paths without authentication. An...
PT-2026-7850
Name of the Vulnerable Software and Affected Versions AMD power management firmware PMFW affected versions not specified Description An unintended proxy or intermediary in the AMD power management firmware PMFW could allow a privileged attacker to send malformed messages to the system management...
CVE-2026-24471
The CVE-2026-24471 issue affects Continuwuity and Conduit-derived servers (Continuwuity, Conduit, Grapevine, Tuwunel). A malicious remote server can induce the victim to sign an arbitrary event during user interactions such as leaving a room, joining a room, or knocking on a room, by requesting a...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to the unsafe usage of Kubernetes ExternalName type with Ingress controller. An attacker can gain unauthorized access to internal services, leveraging the controller's network...
EUVD-2021-22811
Malware in sbrugna...
EUVD-2025-9667
Malicious code in bioql PyPI...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the ResourceGraphDefinition resources. An attacker can execute arbitrary code on cluster nodes by supplying attacker-controlled images. This is only exploitable if the user has...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to the improper validation of X-Forwarded-For and Forwarded headers forwarded from untrusted proxies. An attacker can manipulate the server's behavior by sending crafted headers fro...
CVE-2021-36190
A unintended proxy or intermediary 'confused deputy' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests...
CVE-2021-20042
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances...
PT-2021-13738 · Sma 410 +5 · Sma 410 +5
Name of the Vulnerable Software and Affected Versions: SMA 100 SMA 200 SMA 210 SMA 400 SMA 410 SMA 500v Description: An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. Recommendations: For SMA 100, consider...
ELOG < 3.1.4-283534d Multiple Vulnerabilities - Active Check
ELOG is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elogproject:elog"; ifdescription...