9 matches found

RedhatCVE
added last week · 7 views

CVE-2026-34355

A vulnerability has been identified in the Apache HTTP Server. If the server is configured to connect to a malicious or compromised backend server, an attacker could exploit this flaw to bypass security controls or run unauthorized code on the system. Mitigation: Disable the mod_proxy_html module if...

CVSS 7.5 · AI score 5.3 · EPSS 0.00565 · Exploits 0 · References 4

CNNVD
added 2026/04/13 12:00 a.m. · 4 views

Palo Alto Networks Cortex XDR Agent security vulnerability

Palo Alto Networks Cortex XDR Agent is endpoint security software developed by Palo Alto Networks, Inc. The Cortex XDR Agent contains a security vulnerability that stems from issues with its protection mechanisms, and it may cause local administrator...

CVSS 6.7 · AI score 5.8 · EPSS 0.00166 · Exploits 0 · References 1

OSV
added 2025/12/08 10:15 p.m. · 4 views

GHSA-WQ34-7F4G-953V Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)

Impact: Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer (NDCS), which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or...

CVSS 9.2 · AI score 7.3 · EPSS 0.00555 · Exploits 0 · References 6

Snyk
added 2025/03/20 12:32 p.m. · 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the concatenateForRewrite method in JettyUtils when the management proxy is enabled, which it is in the default configuration. An attacker can manipulate the URL to redirect requests to an arbitrary...

CVSS 5.8 · AI score 7.2 · EPSS 0.01656 · Exploits 0 · References 4

Positive Technologies
added 2024/10/25 12:00 a.m. · 6 views

PT-2024-39711 · WordPress · Amp For Wp – Accelerated Mobile Pages

Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to, and including, 1.0.99.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the proxy function. This allows...

CVSS 8.8 · AI score 6.6 · EPSS 0.00261 · Exploits 0 · References 6

Positive Technologies
added 2024/07/23 12:00 a.m. · 6 views

PT-2024-29495 · Unknown · Cbioportal

Name of the Vulnerable Software and Affected Versions: cBioPortal versions prior to 6.0.12 Description: The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication...

CVSS 8.3 · AI score 7.2 · EPSS 0.0058 · Exploits 0 · References 9

Positive Technologies
added 2024/02/09 12:00 a.m. · 4 views

PT-2024-2769

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.7; Envoy versions prior to 1.27.3; Envoy versions prior to 1.28.1; Envoy versions prior to 1.29.1. Description: The issue is related to Envoy crashing in Proxy protocol when using an address type that isn’t supported by...

CVSS 7.8 · AI score 6.6 · EPSS 0.00751 · Exploits 0 · References 12

Grafana
added 2022/09/20 12:00 a.m. · 6 views

Escalation from admin to server admin when auth proxy is used

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the Grafana instance. All...

CVSS 6.6 · AI score 6.9 · EPSS 0.01267 · Exploits 0

Positive Technologies
added 2021/05/20 12:00 a.m. · 9 views

PT-2021-5464 · Apache +8 · Apache Http Server +8

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.41 through 2.4.46 Description: The issue is related to the mod_proxy_http function in the Apache HTTP Server, which can be made to crash due to a NULL pointer dereference when handling specially crafted request...

CVSS 9.8 · AI score 6.5 · EPSS 0.90039 · Exploits 4 · References 106