CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

SUSE CVE•added 2026/03/28 12:25 a.m.•2 views

SUSE CVE-2026-33529

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...

8.8CVSS6AI score0.00028EPSS

Exploits1References3

RedhatCVE•added 2026/03/27 10:51 p.m.•1 views

CVE-2026-33529

3.3CVSS6AI score0.00028EPSS

Exploits1References1

OSV•added 2026/03/26 8:33 p.m.•1 views

GO-2026-4844 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE in github.com/tobychui/zoraxy

Zoraxy: Authenticated Path Traversal in Config Import leads to RCE in github.com/tobychui/zoraxy...

8.8CVSS5.8AI score0.00028EPSS

Exploits1References3

NVD•added 2026/03/26 8:16 p.m.•1 views

CVE-2026-33529

8.8CVSS0.00028EPSS

Exploits1References3

OSV•added 2026/03/26 7:26 p.m.•2 views

CVE-2026-33529 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

3.3CVSS6.4AI score0.00028EPSS

Exploits1References5

CVE•added 2026/03/26 7:26 p.m.•9 views

CVE-2026-33529

Zoraxy (github.com/tobychui/zoraxy) exposes an authenticated path traversal in the configuration import endpoint prior to version 3.3.2. The flaw allows writing arbitrary files outside the config directory, enabling potential remote code execution by creating a plugin. The issue is mitigated in v...

8.8CVSS5.9AI score0.00028EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/03/26 7:26 p.m.•2 views

CVE-2026-33529 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

3.3CVSS6AI score0.00028EPSS

Exploits1References3

Cvelist•added 2026/03/26 7:26 p.m.•21 views

CVE-2026-33529 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

3.3CVSS0.00028EPSS

Exploits1References3

CNNVD•added 2026/03/26 12:0 a.m.•2 views

Zoraxy 路径遍历漏洞

Zoraxy is a general-purpose HTTP reverse proxy and forwarding tool developed by Toby Chui. Versions of Zoraxy prior to 3.3.2 contained a path traversal vulnerability. This vulnerability stemmed from the configuration import endpoint allowing authenticated path traversal, which could lead to...

8.8CVSS6.8AI score0.00028EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-3209

Malicious code in bioql PyPI...

8.6CVSS9.3AI score0.00901EPSS

Exploits0References6

RedhatCVE•added 2025/05/23 6:30 a.m.•4 views

CVE-2024-52010

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

8.6CVSS7.8AI score0.00901EPSS

Exploits0References1

SUSE CVE•added 2024/11/21 3:48 a.m.•1 views

SUSE CVE-2024-52010

8.6CVSS8.2AI score0.00901EPSS

Exploits0References3

OSV•added 2024/11/19 5:20 p.m.•12 views

GO-2024-3267 Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy

Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

8.6CVSS9.3AI score0.00901EPSS

Exploits0References4

Github Security Blog•added 2024/11/12 9:28 p.m.•25 views

Zoraxy has an authenticated command injection in the Web SSH feature

Summary A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...

8.6CVSS8.8AI score0.00901EPSS

Exploits0References6Affected Software1

OSV•added 2024/11/12 9:28 p.m.•10 views

GHSA-7HPF-G48V-HW3J Zoraxy has an authenticated command injection in the Web SSH feature

8.6CVSS9.8AI score0.00901EPSS

Exploits0References6

NVD•added 2024/11/12 5:15 p.m.•16 views

CVE-2024-52010

8.6CVSS0.00901EPSS

Exploits0References3

CVE•added 2024/11/12 4:6 p.m.•55 views

CVE-2024-52010

CVE-2024-52010 concerns Zoraxy, a general-purpose HTTP reverse proxy/forwarding tool, with a vulnerability in the Web SSH feature. In HandleCreateProxySession , the request to create an SSH session handles a user-supplied username that can be injected into the sshCommand ; the username is not val...

8.6CVSS7.6AI score0.00901EPSS

Exploits0References3

OSV•added 2024/11/12 4:6 p.m.•20 views

CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature

8.6CVSS9.7AI score0.00901EPSS

Exploits0References5

Cvelist•added 2024/11/12 4:6 p.m.•19 views

CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature

8.6CVSS0.00901EPSS

Exploits0References3

Vulnrichment•added 2024/11/12 4:6 p.m.•17 views

CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature