676 matches found
CVE-2026-4528
A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/httpproxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...
PT-2026-26946
A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation...
Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF
Seth Larson reports: HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF CVE-2026-1502...
EUVD-2020-30953
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...
CVE-2026-1467
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...
UBUNTU-CVE-2026-1467
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...
CVE-2026-1467
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...
CVE-2011-0846
Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent...
CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...
[SECURITY] Fedora 41 Update: python-kdcproxy-1.1.0-1.fc41
This package contains a Python WSGI module for proxying KDC requests over HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with minimal configuration...
[SECURITY] Fedora 43 Update: python-kdcproxy-1.1.0-1.fc43
This package contains a Python WSGI module for proxying KDC requests over HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with minimal configuration...
[SECURITY] Fedora 43 Update: tinyproxy-1.11.2-5.fc43
tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...
Siemens SIMATIC S7-1500 Use After Free (CVE-2022-43552)
curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struc...
squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling
A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...
EUVD-2025-37512
Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...
CVE-2025-11915
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...
EUVD-2025-35358
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...
PT-2025-43062
Name of the Vulnerable Software and Affected Versions versions prior to 2025-09-28 Description A desynchronization issue exists between an HTTP proxy and the model backend. This affects communication within the model backend. Approximately 10,000 devices worldwide are potentially affected. The...
CVE-2025-62168 Squid vulnerable to information disclosure via authentication credential leakage in error handling
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...
CVE-2025-62168
Squid (proxy/cache) prior to version 7.2 is affected by information disclosure due to failure to redact HTTP authentication credentials in error handling. The vulnerability can allow a remote, unauthenticated attacker to learn credentials or tokens used by a trusted client or internal web applica...