Lucene search
K

8 matches found

OSV
OSV
added 2026/06/29 5:48 a.m.6 views

BIT-NODE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS7.1AI score0.00437EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/16 12:30 p.m.2 views

Insertion of Sensitive Information into Log File

Overview apache-airflow-providers-microsoft-azure is a Provider package apache-airflow-providers-microsoft-azure for Apache Airflow Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the proxies and proxy fields in a Connection. An attacker ca...

7.5CVSS5.6AI score0.01979EPSS
Exploits0References2
OSV
OSV
added 2026/01/16 10:23 a.m.6 views

CVE-2025-68675 Apache Airflow: proxy credentials for various providers might leak in task logs

In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...

7.5CVSS7.2AI score0.01979EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/15 10:32 p.m.7 views

CVE-2026-0600

Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...

6.2CVSS6.8AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.24 views

Sonatype Nexus Repository 安全漏洞

Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used for managing, storing, and distributing software, among other things. A security vulnerability exists in Sonatype Nexus Repository 3 3.0.0 and later versions, which stems from improper validation of proxy repositor...

6.2CVSS7.1AI score0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.7 views

PT-2026-2966

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository versions 3.0.0 and later Description A Server-Side Request Forgery SSRF issue exists in Sonatype Nexus Repository. Authenticated administrators can configure proxy repositories with URLs that may access unintended...

6.2CVSS6.6AI score0.00284EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/09 8:59 p.m.10 views

CVE-2025-47269 code-server session cookie can be extracted by having user visit specially crafted proxy URL

code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to a...

8.3CVSS8.2AI score0.36027EPSS
Exploits0References3
Veracode
Veracode
added 2023/06/21 2:38 a.m.22 views

Path Traversal

gradio is vulnerable to Path Traversal. The vulnerability exists because the library does not properly restrict the proxy URLs, which allows an attacker to access and read arbitrary files outside the expected directory through the malicious proxy URL...

9.1CVSS6.8AI score0.00651EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder