Lucene search

676 matches found

ATTACKERKB
added 2026/03/21 10:2 p.m., 5 views

CVE-2026-4528

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/httpproxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...

CVSS: 7.5, AI score: 6.7, EPSS: 0.003
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 2026/03/21 12:0 a.m., 8 views

PT-2026-26946

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation...

CVSS: 7.5, AI score: 6.7, EPSS: 0.003
Exploits: 0, References: 7

FreeBSD
added 2026/03/20 12:0 a.m., 7 views

Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF

Seth Larson reports: HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF CVE-2026-1502...

CVSS: 5.7, AI score: 5.8, EPSS: 0.00562
Exploits: 0, References: 1

EUVD
added 2026/01/31 12:30 a.m., 7 views

EUVD-2020-30953

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

CVSS: 8.8, AI score: 6, EPSS: 0.00601
Exploits: 0, References: 6

NVD
added 2026/01/27 10:15 a.m., 6 views

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVSS: 5.8, EPSS: 0.00312
Exploits: 1, References: 3

OSV
added 2026/01/27 10:15 a.m., 6 views

UBUNTU-CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVSS: 5.8, AI score: 6.1, EPSS: 0.00312
Exploits: 1, References: 4

UbuntuCve
added 2026/01/27 10:15 a.m., 4 views

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVSS: 5.8, AI score: 6.1, EPSS: 0.00312
Exploits: 1, References: 3

RedhatCVE
added 2026/01/09 10:2 a.m., 10 views

CVE-2011-0846

Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent...

CVSS: 5, AI score: 6.5, EPSS: 0.01715
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:48 a.m., 6 views

CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

CVSS: 9, AI score: 6.9, EPSS: 0.82165
Exploits: 4, References: 1

Fedora
added 2025/12/05 2:22 a.m., 5 views

[SECURITY] Fedora 41 Update: python-kdcproxy-1.1.0-1.fc41

This package contains a Python WSGI module for proxying KDC requests over HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with minimal configuration...

CVSS: 8.6, AI score: 6.9, EPSS: 0.00463
Exploits: 0

Fedora
added 2025/12/05 2:11 a.m., 9 views

[SECURITY] Fedora 43 Update: python-kdcproxy-1.1.0-1.fc43

This package contains a Python WSGI module for proxying KDC requests over HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with minimal configuration...

CVSS: 8.6, AI score: 6.9, EPSS: 0.00463
Exploits: 0

Fedora
added 2025/12/04 12:53 a.m., 6 views

[SECURITY] Fedora 43 Update: tinyproxy-1.11.2-5.fc43

tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00229
Exploits: 1

Tenable Nessus
added 2025/11/13 12:0 a.m., 3 views

Siemens SIMATIC S7-1500 Use After Free (CVE-2022-43552)

curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struc...

CVSS: 5.9, AI score: 6.7, EPSS: 0.02511
Exploits: 1, References: 5

RedHat Linux
added 2025/11/11 7:17 p.m., 9 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

An Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol (HTTP) authentication credentials from an error response. A remote client can exploit this by triggering an...

CVSS: 10, AI score: 5.8, EPSS: 0.6332
Exploits: 1, References: 6

EUVD
added 2025/11/03 9:34 p.m., 4 views

EUVD-2025-37512

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

CVSS: 7.5, AI score: 6.2, EPSS: 0.00835
Exploits: 1, References: 4

RedhatCVE
added 2025/10/23 10:3 a.m., 14 views

CVE-2025-11915

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...

CVSS: 6.9, AI score: 6.9, EPSS: 0.00293
Exploits: 0, References: 1

EUVD
added 2025/10/22 9:13 a.m., 6 views

EUVD-2025-35358

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...

CVSS: 6.9, AI score: 6.4, EPSS: 0.00293
Exploits: 0, References: 2

Positive Technologies
added 2025/10/22 12:0 a.m., 6 views

PT-2025-43062

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-09-28. Description: A desynchronization issue exists between an HTTP proxy and the model backend. This affects communication within the model backend. Approximately 10,000 devices worldwide are potentially affected. The...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00293
Exploits: 0, References: 5

Vulnrichment
added 2025/10/17 4:21 p.m., 3 views

CVE-2025-62168 Squid vulnerable to information disclosure via authentication credential leakage in error handling

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVSS: 10, AI score: 6.4, EPSS: 0.6332
Exploits: 1, References: 2

CVE
added 2025/10/17 4:21 p.m., 596 views

CVE-2025-62168

Squid (proxy/cache) prior to version 7.2 is affected by information disclosure due to failure to redact HTTP authentication credentials in error handling. The vulnerability can allow a remote, unauthenticated attacker to learn credentials or tokens used by a trusted client or internal web applica...

CVSS: 10, AI score: 6.4, EPSS: 0.6332
Exploits: 1, References: 3, Affected Software: 1