1138 matches found
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is affected by multiple vulnerabilities
Summary: There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. HTTP Proxy bypass using IPv6 Zone IDs can improperly treat an IPv6 zone ID as a hostname component (CVE-2025-22870). Spring Framework...
TencentOS Server 2: curl (TSSA-2023:0311)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0311 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
MAL-2025-4834 Malicious code in http-proxy-error (npm)
Source: ghsa-malware 7998e5d5542dec49e826d015f403fed34b411fdd9e28030aea1c3aa0fc4657ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in http-proxy-error (npm)
Source: ghsa-malware 7998e5d5542dec49e826d015f403fed34b411fdd9e28030aea1c3aa0fc4657ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for CVE-2025-22870
PoC – CVE-2025-22870 – HTTP Proxy Bypass via IPv6 Zone ID in G...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify- http-proxy-middleware-2.0.6.tgz which is vulnerable to CVE-2024-21536.
Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify- http-proxy-middleware-2.0.6.tgz which is vulnerable to CVE-2024-21536. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-21536 DESCRIPTION:...
CVE-2024-20490
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...
CVE-2022-29188
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...
CVE-2020-5883
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak...
CVE-2016-1000109
HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic t...
CVE-2019-17598
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
CVE-2011-4661
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authentication NTLM configured...
CVE-2005-1340
The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy...
CVE-2003-0803
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service, SSRF and credential leakage [CVE-2025-27152, CVE-2025-27789, CVE-2025-32996, CVE-2025-32997]
Summary: Node.js modules axios and http-proxy-middleware are used by IBM App Connect Enterprise Certified Container for HTTP communications. Node.js module Babel is used for internal code generation. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service, SSRF...
PT-2025-20706 · Ооо "Юзергейт" · Usergate Next-Generation Firewall
A vulnerability in the HTTP-Proxy service of the UserGate Next-Generation Firewall (NGFW) software exists due to a lack of input validation measures. Exploitation of the vulnerability could allow a remote attacker to read arbitrary files...
Denial Of Service (DoS)
http-proxy-middleware is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper conditional logic due to the absence of "else if", which allows an attacker to trigger writeBody twice and potentially disrupt normal application behavior...
Improper Request Handling
http-proxy-middleware is vulnerable to Improper Request Handling. The vulnerability is due to improper request handling caused by fixRequestBody executing even when bodyParser has failed, which allows attackers to smuggle malicious HTTP requests...
Important: Red Hat Security Advisory: ACS 4.5 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). This release of RHACS includes the following bug fix: Fixed a bug to match the aggregation field of the compliance tables to the widgets for consistency. This release also addresses the following security vulnerabilitie...
Always-Incorrect Control Flow Implementation
Overview: Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the fixRequestBody function. An attacker can cause writeBody to be called multiple times, leading to unexpected behavior. Remediation: A fix was pushed into the master branch but not yet...