31 matches found

Positive Technologies
added 2026/04/15 12:0 a.m. · 1 views

PT-2026-33224

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass occurs when OAuth2 Proxy is configured with --reverse-proxy and has at least one rule defined using --skip auth routes or --skip-auth-regex. In...

9.1 CVSS · 5.8 AI score · 0.00093 EPSS
Exploits 0 · References 13
CVE
added 2026/02/10 8:18 p.m. · 6 views

CVE-2026-1495

CVE-2026-1495 concerns an information-insertion vulnerability in AVEVA PI to CONNECT Agent. The CVE describes that an attacker with Event Log Reader privileges (S-1-5-32-573) can access proxy details, including the proxy URL and credentials, from the PI to CONNECT event log files. This could enab...

6.5 CVSS · 5.5 AI score · 0.00022 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/02/10 12:0 a.m. · 2 views

PT-2026-7470

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A security issue exists where an attacker with Event Log Reader (S-1-5-32-573) privileges may be able to obtain proxy details, including the URL and proxy credentials, from PI to CONNECT event log file...

6.5 CVSS · 5.4 AI score · 0.00022 EPSS
Exploits 0 · References 4
NVD
added 2026/02/07 12:15 a.m. · 2 views

CVE-2020-37170

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program...

6.7 CVSS · 0.00006 EPSS
Exploits 1 · References 3
OSV
added 2026/02/07 12:15 a.m. · 0 views

CVE-2020-37170

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program...

5.5 CVSS · 5.9 AI score
Exploits 0 · References 3
CVE
added 2026/02/06 11:14 p.m. · 4 views

CVE-2020-37170

TapinRadio 2.12.3 is affected by a local, denial-of-service vulnerability in the application proxy address configuration. The issue arises when an attacker overwrites the address field with 3000 bytes of arbitrary data, causing the application to crash and fail normal operation. Affected componen...

6.7 CVSS · 5.5 AI score · 0.00006 EPSS
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2026/02/06 11:14 p.m. · 1 views

CVE-2020-37170 TapinRadio 2.12.3 - 'address' Denial of Service

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program...

6.7 CVSS · 5.8 AI score · 0.00006 EPSS
Exploits 1 · References 3
Cvelist
added 2026/02/06 11:14 p.m. · 25 views

CVE-2020-37170 TapinRadio 2.12.3 - 'address' Denial of Service

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program...

6.7 CVSS · 0.00006 EPSS
Exploits 1 · References 3
Positive Technologies
added 2026/02/06 12:0 a.m. · 1 views

PT-2026-6833

Name of the Vulnerable Software and Affected Versions TapinRadio version 2.12.3 Description TapinRadio version 2.12.3 contains a denial of service issue in the application proxy address configuration. Local attackers can crash the application by overwriting the address field with 3000 bytes of...

6.7 CVSS · 5.6 AI score · 0.00006 EPSS
Exploits 1 · References 5
RedhatCVE
added 2026/01/09 9:29 a.m. · 1 views

CVE-2023-50266

Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allo...

5.3 CVSS · 6.6 AI score · 0.00154 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/10/01 9:52 p.m. · 1 views

CVE-2025-59951 Termix' official Docker image contains an authentication bypass vulnerability

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...

9.2 CVSS · 6.2 AI score · 0.00051 EPSS
Exploits 1 · References 2
NVD
added 2025/09/15 5:15 p.m. · 0 views

CVE-2025-10471

A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack remotely. The exploit is now public and may...

8.8 CVSS · 0.00083 EPSS
Exploits 0 · References 5
OSV
added 2024/12/12 12:33 p.m. · 1 views

CLSA-2024-1734006823 php: Fix of CVE-2024-11234

CVE-2024-11234: Fix possibility of HTTP request smuggling in configured proxy URI by prohibiting CRLF injection...

7.2 CVSS · 6.2 AI score · 0.01153 EPSS
Exploits 1 · References 1
Vulnrichment
added 2024/11/26 6:25 p.m. · 14 views

CVE-2024-32965 ssrf vulnerability in lobe-chat

Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header...

8.1 CVSS · 6.7 AI score · 0.03119 EPSS
Exploits 1 · References 2
Cvelist
added 2024/11/26 6:25 p.m. · 17 views

CVE-2024-32965 ssrf vulnerability in lobe-chat

Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header...

8.1 CVSS · 0.03119 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/05/10 12:0 a.m. · 2 views

PT-2024-32383 · Lobe Chat · Lobe Chat

Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 1.19.13 Description: The issue concerns a server-side request forgery protection bypass in Lobe Chat, an open-source artificial intelligence chat framework. This protection, implemented in src/app/api/proxy/route.t...

9 CVSS · 6.6 AI score · 0.71676 EPSS
Exploits 4 · References 24
RedHat Linux
added 2023/11/14 3:53 p.m. · 2 views

python-requests: Unintended leak of Proxy-Authorization header

A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization...

6.1 CVSS · 6.6 AI score · 0.06086 EPSS
Exploits 1 · References 5
Code423n4
added 2023/10/11 12:0 a.m. · 14 views

Deterministic proxy contract address with a hard-coded salt enables token theft.

Lines of code Vulnerability details Impact The retrieveProxyContractAddress function calculates the address of the proxy contract deterministically based only on the delegate address. An attacker could pre-compute proxy contract addresses for target delegates and steal tokens by transferring to...

6.9 AI score
Exploits 0
Veeam
added 2022/06/10 12:0 a.m. · 9 views

Unexpected proxy address format - Error After Upgrading to Veeam Backup for Microsoft 365 6.0 P20220524

Challenge After upgrading to Veeam Backup for Microsoft 365 6.0 P20220524, the mailbox backup for organizations added as Hybrid or Microsoft 365 may fail with the error: Error: Unexpected proxy address format: x500:/o=ExchangeLabs/ou=Exchange Administrative Group...

6.8 AI score
Exploits 0
CNNVD
added 2022/05/03 12:0 a.m. · 1 views

Fortinet FortiOS Information Disclosure Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS is vulnerable to an information leakage vulnerability that results from excessive data output in server-generated error messages, which can be exploited by...

4.3 CVSS · 5.3 AI score · 0.00391 EPSS
Exploits 0 · References 4