Malicious Package

Overview abuden2 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

Server-side Request Forgery (SSRF)

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the shouldBypassProxy function. An attacker can access internal or metadata endpoints by crafting request URLs in IPv4-mapped IPv6...

curl: Proxy-Authorization header is leaked to origin server after redirect from proxied to direct connection

Summary curl leaks the Proxy-Authorization header to the origin server after following an HTTP redirect that transitions from a proxied connection to a direct connection e.g. when using --noproxy or when proxy is bypassed after redirect. This causes proxy credentials which are hop-by-hop to be se...

EUVD-2015-0641

Malware in sbrugna...

CVE-2025-6432

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox 140 and Thunderbird 140...

PrivateBin Security Vulnerability

PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin versions prior to 1.7.4 that stems from exposing authentication tokens to the public without authentication, allowing anyone to break through restrictions imposed by a...

The vulnerability of Cisco FWSM software allows a malicious actor to trigger a service failure.

The state of the competition when using the bypass proxy server function in the Cisco Firewall Service Module FWSM allows malicious actors operating remotely to trigger a service failure device reboot by using specially crafted traffic...