22690 matches found
Artica Proxy 4.30.000000 - Cross-Site Scripting
Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php. id: CVE-2022-37153 info: name: Artica Proxy 4.30.000000 - Cross-Site Scripting author: arafatansari severity: medium description: | Artica Proxy 4.30.000000 contains a cross-site...
PHP Proxy 3.0.3 - Local File Inclusion
PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// a different vulnerability than CVE-2018-19246. id: CVE-2018-19458 info: name: PHP Proxy 3.0.3 - Local File Inclusion author: daffainfo...
Artica Web Proxy 4.30 - OS Command Injection
Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform. id: CVE-2020-17505 info: name: Artica Web Proxy 4.30 - OS Command Injection author: dwisiswant0...
Squid Proxy - HTTP Authentication Credentials Disclosure
Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...
WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure
Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...
Apache Druid - Server-Side Request Forgery
Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid.This issue affects all previous Druid versions.When using the Druid management proxy, a request tha...
Request-Baskets <= 1.2.1 - Server Side Request Forgery
Request-Baskets = 1.2.1 allows unauthenticated SSRF via the forwardurl parameter when creating a new basket. id: CVE-2023-27163 info: name: Request-Baskets = 1.2.1 - Server Side Request Forgery author: Jaenact severity: medium description: | Request-Baskets = 1.2.1 allows unauthenticated SSRF via...
Emby Server - Authentication Bypass
Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...
Mailpit < 1.28.3 - Server-Side Request Forgery
Mailpit = 1.28.0 contains a server-side request forgery caused by insufficient validation of internal IP addresses in the /proxy endpoint, letting attackers make requests to internal network resources, exploit requires crafted HTTP GET requests. id: CVE-2026-21859 info: name: Mailpit 1.28.3 -...
LoLLMs WEBUI - Server-Side Request Forgery
LoLLMs WEBUI contains a server-side request forgery caused by unauthenticated access to the /api/proxy endpoint, letting attackers force the server to make arbitrary GET requests, exploit requires no authentication. id: CVE-2026-33340 info: name: LoLLMs WEBUI - Server-Side Request Forgery author:...
LobeHub LobeChat <= 2.1.56 - Server-Side Request Forgery
LobeHub LobeChat versions up to and including 2.1.56 are vulnerable to an unauthenticated server-side request forgery vulnerability in the /webapi/proxy endpoint. The endpoint accepts a URL in the POST request body and fetches it server-side without authentication. id: CVE-2026-54157 info: name:...
Geoserver - Server-Side Request Forgery
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host. id: CVE-2021-40822 info: name: Geoserver - Server-Side Request Forgery author: For3stCo1d,aringo-bf severity: high description: GeoServer through 2.18.5 and 2.19.x throug...
vCenter Server - Improper Access Control
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. id: CVE-2021-22017 info: name:...
Apache Tomcat JK Connect <=1.2.44 - Manager Access
Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is so...
LiteLLM - SQL Injection
LiteLLM 1.81.16 to 1.83.7 contains a SQL injection caused by improper handling of caller-supplied key in database query during proxy API key checks, letting unauthenticated attackers read and modify database data, exploit requires crafted Authorization header. id: CVE-2026-42208 info: name: LiteL...
CVE-2026-20896 Gitea Docker image trusts spoofable reverse-proxy headers by default
Gitea Docker image versions up to and including 1.26.2 use REVERSEPROXYTRUSTEDPROXIES= by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled...
CVE-2026-20896
CVE-2026-20896 affects Gitea Docker images up to and including 1.26.2. The root cause is the default setting REVERSE_PROXY_TRUSTED_PROXIES=*, which can let an attacker impersonate a user when reverse-proxy authentication headers (e.g., X-WEBAUTH-USER) are enabled. Several sources document this, i...
Zimbra Collaboration Suite - SSRF
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. id: CVE-2019-9621 info: name: Zimbra Collaboration Suite - SSRF author: riteshs4hu severity: high description: |...
Apache HTTP Server - ACL Bypass
Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. id: CVE-2024-38473 info: name: Apache HTTP Server - ACL Bypass author: pdteam severity: high...
Artica Proxy - Unauthenticated LFI
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to...