Lucene search
K

8260 matches found

Github Security Blog
Github Security Blog
added 2026/06/18 1:6 p.m.22 views

http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

Summary http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configur...

8.6CVSS5.6AI score0.0034EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50734

Name of the Vulnerable Software and Affected Versions http-proxy-middleware versions 0.16.0 through 2.0.9 http-proxy-middleware versions 3.0.0 through 3.0.5 http-proxy-middleware versions 4.0.0 through 4.0.9 Description An issue exists in the router proxy-table implementation where host+path...

8.6CVSS5.9AI score0.0034EPSS
Exploits1References5
Circl
Circl
added 2026/06/17 5:17 p.m.7 views

CVE-2026-55603

creationtimestamp| type| source ---|---|--- 2026-06-17 17:17:39+00:00| published-proof-of-concept| https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-gcq2-9pq2-cxqm 2026-06-23 09:03:07+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mox25jonrk2t...

7.5CVSS5.8AI score0.00243EPSS
Exploits1References2
Circl
Circl
added 2026/06/17 5:17 p.m.9 views

CVE-2026-55602

creationtimestamp| type| source ---|---|--- 2026-06-17 17:17:28+00:00| published-proof-of-concept| https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-64mm-vxmg-q3vj...

8.6CVSS5AI score0.0034EPSS
Exploits1References1
NVD
NVD
added 2026/06/17 10:54 a.m.17 views

CVE-2026-46847

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Runtime Tools. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCent...

9.9CVSS0.00411EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.16 views

CVE-2026-46848

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where WebLogic Server executes to...

7.9CVSS0.00152EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.11 views

CVE-2026-46810

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: End User Self Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Identity...

6.5CVSS0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.9 views

CVE-2026-46813

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.8CVSS0.00473EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.9 views

CVE-2026-46812

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.12 views

CVE-2026-46807

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: OIM Legacy UI. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Identity Manager...

9.8CVSS0.00518EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.8 views

CVE-2026-46794

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Generic Unix Connector. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise...

9.9CVSS0.00432EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.10 views

CVE-2026-46793

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Database User. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity...

9.9CVSS0.00402EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.10 views

CVE-2026-46792

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Generic Unix Connector. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

9.9CVSS0.00402EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.9 views

CVE-2026-46770

Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: Security Framework. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

6.1CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.10 views

CVE-2026-46772

Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where...

4.7CVSS0.00137EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.8 views

CVE-2026-46769

Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Shared Components. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP...

7.2CVSS0.00453EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.11 views

CVE-2026-35326

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

7.2CVSS0.00453EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.10 views

CVE-2026-35323

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

9.9CVSS0.00411EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.12 views

CVE-2026-35311

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebLogic Server. Successful...

8.8CVSS0.00402EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.10 views

CVE-2026-35313

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

9.9CVSS0.00411EPSS
Exploits0References1
Rows per page
Query Builder