35 matches found
GHSA-QCCP-GFCP-XXVC urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Impact When following cross-origin redirects for requests made using urllib3’s high-level APIs, such as urllib3.request, PoolManager.request, and ProxyManager.request, sensitive headers — Authorization, Cookie, and Proxy-Authorization defined in Retry.DEFAULTREMOVEHEADERSONREDIRECT — are stripped...
BIT-MILVUS-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
CLSA-2026-1768213076 httpd: Fix of 2 CVEs
CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...
CVE-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
CVE-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
CVE-2025-64513
CVE-2025-64513 describes a critical authentication bypass in the Milvus Proxy component of Milvus. An unauthenticated attacker can bypass all authentication, gaining full administrative access to the Milvus cluster, with read/modify/delete of data and privileged operations such as database or col...
EUVD-2025-15631
Malicious code in bioql PyPI...
EUVD-2023-39927
Malicious code in bioql PyPI...
EUVD-2022-6123
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-28361
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kamailio before 5.4.0, as used in Sip Express Router SER in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection...
mod_wsgi: Trusted Proxy Headers Removing Bypass
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Medium: mod_wsgi
Issue Overview: A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing. CVE-2022-2255 Affected Packages:...
How to remove HTTP Header with rewrite policy in NetScaler
This article describes how to deletespecific HTTP Request Header with rewrite policy in NetScaler...
SUSE CVE-2022-48521
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely...
CVE-2022-48521
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely...
SUSE CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
AZL-10734 CVE-2022-2255 affecting package mod_wsgi for versions less than 4.9.3-2
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
PYSEC-2022-254
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...