Lucene search
K

71 matches found

RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.6 views

CVE-2026-40481

monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled...

8.2CVSS5.7AI score0.00446EPSS
Exploits1References1
OSV
OSV
added 2026/04/16 11:36 p.m.9 views

BIT-AUTHENTIK-2023-36456 Authentik lacks Proxy IP headers validation

authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy a...

8.3CVSS7.1AI score0.00573EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-26961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from...

5.3CVSS6.2AI score0.00253EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 8:30 p.m.5 views

EUVD-2026-18368

Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass...

3.7CVSS5.8AI score0.00253EPSS
Exploits0References2
OSV
OSV
added 2026/04/02 8:30 p.m.2 views

GHSA-VGPV-F759-9WX3 Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.

Summary Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one rather than the first. In deployments where an upstream proxy, WAF, or intermedia...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/02 8:30 p.m.11 views

Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.

Summary Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one rather than the first. In deployments where an upstream proxy, WAF, or intermedia...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/02 4:42 p.m.60 views

CVE-2026-26961

Rack vulnerable component: Rack::Multipart::Parser extracts multipart boundary from Content-Type using a greedy regex, causing last-boundary selection when multiple boundaries exist. This can allow smuggling of multipart content past upstream validation. Affected versions are before 2.2.23, 3.1.2...

5.3CVSS5.8AI score0.00253EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 4:42 p.m.2 views

CVE-2026-26961 Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

3.7CVSS5.8AI score0.00253EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/31 10:5 p.m.9 views

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...

8.2CVSS6AI score0.00339EPSS
Exploits0References5
OSV
OSV
added 2026/02/16 3:57 p.m.2 views

BIT-NGINX-GATEWAY-2026-1642 NGINX vulnerability

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS5.7AI score0.00339EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.7 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : nginx vulnerability (USN-8038-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8038-1 advisory. It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain...

8.2CVSS5.7AI score0.00339EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.7 views

Debian dsa-6131 : libnginx-mod-http-geoip - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6131 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6131-1 [email protected] https://www.debian.org/security/...

8.2CVSS5.6AI score0.00339EPSS
Exploits0References5
OSV
OSV
added 2026/02/04 3:16 p.m.5 views

UBUNTU-CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS5.8AI score0.00339EPSS
Exploits0References6
CVE
CVE
added 2026/02/04 3:2 p.m.841 views

CVE-2026-1642

The CVE-2026-1642 entry describes a vulnerability in NGINX OSS and NGINX Plus when configured to proxy to upstream TLS servers. Under a MITM position on the upstream side and conditions outside the attacker’s control, an attacker may inject plain text data into the response from an upstream proxi...

8.2CVSS5.5AI score0.00339EPSS
Exploits0References2Affected Software5
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-6052

Name of the Vulnerable Software and Affected Versions NGINX OSS and NGINX Plus affected versions not specified F5 BIG-IP affected versions not specified Description A flaw exists in NGINX OSS and NGINX Plus when used to proxy to upstream Transport Layer Security TLS servers. An attacker positione...

8.2CVSS5.5AI score0.00339EPSS
Exploits0References88
EUVD
EUVD
added 2025/10/07 12:30 a.m.23 views

EUVD-2021-1600

Malware in sbrugna...

8.1CVSS7.9AI score0.04771EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.38 views

EUVD-2021-16051

Malware in sbrugna...

6.5CVSS6.5AI score0.01149EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-14740

Malware in sbrugna...

8.6CVSS8.5AI score0.0197EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-21299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can...

8.1CVSS7.2AI score0.04771EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.18 views

CVE-2021-29416

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB...

6.5CVSS6.7AI score0.01149EPSS
Exploits1References1
Rows per page
Query Builder