6 matches found
CVE-2026-2264
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...
CVE-2025-34069
An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent,...
CVE-2025-34069
An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent,...
CVE-2025-34069
An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent,...
PT-2025-27627 · Gfi · Gfi Kerio Control
Name of the Vulnerable Software and Affected Versions: GFI Kerio Control version 9.4.5 Description: An authentication bypass issue exists due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward...
Insecure Proxy
spring-cloud-netflix-hystrix-dashboard uses an insecure proxy. The proxy.stream endpoint allows an attacker to make requests to any server reachable by the server hosting the dashboard...