11 matches found
Cleartext Transmission of Sensitive Information
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information through the AccountService in account.service.ts. An attacker can cause password reset, verification, registration, and invite emails to contain http:// links...
CVE-2025-47909
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
CVE-2025-47909 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
PT-2025-35244
Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, potentially enabling network attackers to perform Cross-Site Request Forgery CSRF attacks. Following...
F5 Networks BIG-IP : Python urllib3 vulnerability (K000140711)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140711 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the...
CVE-2024-37891
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...
python-requests: Unintended leak of Proxy-Authorization header
A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuildproxies is used to recompute and reattach the Proxy-Authorization...
CVE-2023-3581 WebSockets accept connections from HTTPS origin
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...
CVE-2023-3581 WebSockets accept connections from HTTPS origin
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...
DEBIAN-CVE-2011-4968
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...
UBUNTU-CVE-2011-4968
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...