CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from automatic login using the Remote-User and X-Authentik-Username HTTP headers, without verifying whether...

9.8CVSS5.8AI score0.00067EPSS

Exploits0References1

OSV•added 2026/05/11 5:44 a.m.•5 views

BIT-GOLANG-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

7.5CVSS5.8AI score0.00008EPSS

Exploits0References5

SUSE CVE•added 2026/05/09 2:42 a.m.•7 views

SUSE CVE-2026-42501

7.5CVSS5.8AI score0.00008EPSS

Exploits0References3

EUVD•added 2026/05/07 9:30 p.m.•5 views

EUVD-2026-28433

5.8AI score0.00008EPSS

Exploits0References5

OSV•added 2026/05/07 8:16 p.m.•5 views

DEBIAN-CVE-2026-42501

7.5CVSS5.8AI score0.00008EPSS

Exploits0References1

UbuntuCve•added 2026/05/07 8:16 p.m.•4 views

CVE-2026-42501

7.5CVSS5.8AI score0.00008EPSS

Exploits0References7

Cvelist•added 2026/05/07 7:41 p.m.•30 views

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

0.00008EPSS

Exploits0References4

ATTACKERKB•added 2026/05/07 7:41 p.m.•7 views

CVE-2026-42501

5.8AI score0.00008EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/07 7:41 p.m.•7 views

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

5.8AI score0.00008EPSS

Exploits0References4

OSV•added 2026/05/07 7:21 p.m.•6 views

GO-2026-4984 Malicious module proxy can bypass checksum database in cmd/go

7.5CVSS5.8AI score0.00008EPSS

Exploits0References3

Positive Technologies•added 2026/05/07 12:0 a.m.•4 views

PT-2026-38570

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description A flaw in the go command's validation of module checksums allows a malicious module proxy to bypass checksum database validation. This occurs when the checksum database returns a successful respon...

7.5CVSS5.9AI score0.00008EPSS

Exploits0References25

AstraLinux•added 2026/05/03 11:59 p.m.•14 views

Astra Linux - уязвимость в mod-wsgi

A vulnerability was discovered in modwsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...

7.5CVSS7.1AI score0.00461EPSS

Exploits1References2

Cvelist•added 2025/11/17 12:0 a.m.•5 views

CVE-2025-65083

GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succee...

3.2CVSS0.00009EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-0159

Malicious code in bioql PyPI...

7.5CVSS7.3AI score0.00461EPSS

Exploits1References11

RedHat Linux•added 2025/05/12 8:6 a.m.•4 views

mod_wsgi: Trusted Proxy Headers Removing Bypass

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.5CVSS5.7AI score0.00461EPSS

Exploits1References5

OSV•added 2024/03/06 10:56 a.m.•24 views

BIT-MOD_WSGI-2022-2255

7.5CVSS7AI score0.00461EPSS

Exploits1References5

Tenable Nessus•added 2023/09/27 12:0 a.m.•22 views

Amazon Linux 2 : mod_wsgi (ALASHTTPD_MODULES-2023-001)

It is, therefore, affected by a vulnerability as referenced in the ALAS2HTTPDMODULES-2023-001 advisory. A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI...

7.5CVSS7.2AI score0.00461EPSS

Exploits1References4

Amazon•added 2023/09/25 12:0 a.m.•2 views

Medium: mod_wsgi

Issue Overview: A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing. CVE-2022-2255 Affected Packages:...

7.5CVSS6.9AI score0.00461EPSS

Exploits1

SUSE CVE•added 2023/02/15 3:32 a.m.•5 views

SUSE CVE-2022-2255

5.6CVSS6.8AI score0.00461EPSS

Exploits1References7

Tenable Nessus•added 2023/02/08 12:0 a.m.•24 views

EulerOS 2.0 SP8 : mod-wsgi (EulerOS-SA-2023-1328)

According to the versions of the mod-wsgi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pa...

7.5CVSS7.2AI score0.00461EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by