Lucene search
K

6 matches found

OSV
OSV
added 2026/07/06 12:0 a.m.3 views

CVE-2026-14784 vxcontrol PentAGI Docker API client.go sandbox

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

5.3CVSS6.1AI score0.00228EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/22 8:7 p.m.27 views

CVE-2026-55603 http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with...

7.5CVSS0.00243EPSS
Exploits1References1
CVE
CVE
added 2026/06/22 8:7 p.m.48 views

CVE-2026-55603

CVE-2026-55603 affects http-proxy-middleware (Node.js). In versions 3.0.4–3.0.7 and 4.1.1, fixRequestBody() rebuilds multipart/form-data by interpolating req.body into the wire format without neutralizing CR/LF. This can let an attacker inject a new multipart part (via unescaped CRLF in keys/valu...

7.5CVSS5.9AI score0.00243EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2025/04/15 3:41 a.m.5 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the fixRequestBody function. An attacker can cause writeBody to be called multiple times, leading to unexpected behavior. Remediation A fix was pushed into the master branch but not yet...

6.3CVSS6.9AI score0.00412EPSS
Exploits0References2
OSV
OSV
added 2025/04/15 3:30 a.m.12 views

GHSA-9GQV-WP59-FQ42 http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...

4CVSS7.1AI score0.00417EPSS
Exploits0References6
OSV
OSV
added 2023/08/29 7:31 a.m.3 views

SUSE-SU-2023:3469-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2023-40225: Fixed request smuggling with empty content-length header value bsc1214102...

7.2CVSS7AI score0.01815EPSS
Exploits1References3
Rows per page
Query Builder