82 matches found
WordPress plugin Fediverse Embeds 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
EUVD-2026-33765
Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...
GHSA-R75F-5X8P-QVMC LiteLLM has SQL Injection in Proxy API key verification
Impact A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route for example POST /chat/completions a...
runZero Platform 安全漏洞
runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow the MCP proxy to...
CVE-2026-2835
An HTTP Request Smuggling vulnerability CWE-444 has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers...
CVE-2026-2833
An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the...
GHSA-GQF8-RVRH-G7W6 Rancher cloud credentials can be used through proxy API by users without access
A vulnerability was discovered in Rancher 2.2.0 through the aforementioned patched versions, where cloud credentials weren't being properly validated through the Rancher API. Specifically through a proxy designed to communicate with cloud providers. Any Rancher user that was logged-in and aware o...
CVE-2026-1495
The vulnerability, if exploited, could allow an attacker with Event Log Reader S-1-5-32-573 privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server...
AVEVA PI to CONNECT Agent 日志信息泄露漏洞
AVEVA PI to CONNECT Agent is a data transfer component developed by the British company AVEVA. AVEVA PI to CONNECT Agent has a vulnerability related to log information leakage. This vulnerability arises from attackers who have access to event log reading capabilities, allowing them to obtain...
CVE-2026-23944 Arcane allows unauthenticated proxy access to remote environments
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...
CVE-2025-64123 Nuvation Energy Multi-Stack Controller Proxy service allows arbitrary BMS access
Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller MSC allows Network Boundary Bridging.This issue affects Multi-Stack Controller MSC: through and including release 2.5.1...
Timing Attack
Dragonfly is vulnerable to Timing Attack. The vulnerability is due to the use of simple string comparisons in the Proxy feature’s access control mechanism, which allows an attacker to guess the password one character at a time by analyzing response time variations...
GHSA-C6CM-5GC7-C3F4 Duplicate Advisory: Keycloak allows access to admin path through flaw
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the...
CVE-2025-10939
Keycloak is affected by a path traversal vulnerability (CVE-2025-10939) that can expose the admin console path via relative or non-normalized URLs (e.g., /realms/../admin/), potentially bypassing proxy restrictions intended to block /admin. Multiple sources (including GHSA entry and Nessus plugin...
GHSA-R657-RXJC-J557 Rack has a Possible Information Disclosure Vulnerability
Summary A possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially...
Rack has a Possible Information Disclosure Vulnerability
Summary A possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially...
CVE-2025-61780
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to...
EUVD-2019-4115
Malware in sbrugna...
EUVD-1999-0973
Malware in sbrugna...
EUVD-2001-0479
Malware in sbrugna...