Lucene search
K

300 matches found

Hacker One
Hacker One
added 2026/05/28 6:53 p.m.22 views

curl: Proxy CONNECT response poisoning via authentication retry in cf-h1-proxy.c (libcurl)

Summary: When an HTTP/1.x proxy returns a 407 with no Content-Length and no chunked transfer-encoding, lib/cf-h1-proxy.c singleheader sets ts-keepon = KEEPONDONE but never sets ts-closeconnection = TRUE. Because ts-closeconnection and conn-bits.close both stay false, the CONNECT tunnel state...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/25 9:16 p.m.18 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS0.00224EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/25 9:16 p.m.18 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References3
OSV
OSV
added 2026/05/25 9:16 p.m.7 views

UBUNTU-CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/25 8:16 p.m.26 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS0.00224EPSS
Exploits0References2
CVE
CVE
added 2026/05/25 8:16 p.m.45 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indicator for TELNET data, but the trust status is not cleared between proxy authentication and the main session. This may cause a misleading trust cue to the user. Affected version range is 0.77–0.83; remediation is to upgrade to 0....

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/25 8:16 p.m.13 views

EUVD-2026-31731

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 8:16 p.m.14 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 8:16 p.m.8 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/25 8:16 p.m.7 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/25 8:16 p.m.19 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.13 views

PT-2026-43123

Name of the Vulnerable Software and Affected Versions PuTTY versions 0.77 through 0.83 Description The software uses a copy of the PuTTY icon to indicate trust for TELNET data. However, the trust status is not cleared between the proxy authentication phase and the main session, which may lead to...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

PuTTY 安全漏洞

PuTTY is a suite of free Telnet, Rlogin and SSH client software from the individual developer Simon Tatham. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions prior to 0.84 that stems from using a copy of the PuTTY icon as ...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 5:52 p.m.9 views

CLSA-2026-1779372207 curl: Fix of CVE-2026-7168

CVE-2026-7168: clear proxy Digest auth state when CURLOPTPROXY is reassigned to a different proxy host on the same easy handle so a stale Proxy-Authorization header is not replayed to the new proxy...

5.3CVSS5.8AI score0.00471EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM from 1.80.5 to 1.83.7 contained a security vulnerability. This vulnerability stemmed from the POST /prompts/test endpoint accepting user-provided...

8.8CVSS6.3AI score0.00373EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/28 6:10 p.m.2 views

CVE-2026-41404 OpenClaw < 2026.3.31 - Operator Admin Privilege Escalation via Trusted-Proxy Authentication

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to persist on...

8.8CVSS5.3AI score0.0034EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from incomplete range clearance issues in the trusted proxy authentication mode, which could allow attackers...

8.8CVSS5.8AI score0.0034EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.8 views

PT-2026-35787

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to persist on...

8.8CVSS5.3AI score0.0034EPSS
Exploits0References6
Hacker One
Hacker One
added 2026/04/27 2:54 a.m.27 views

curl: CVE-2026-7168: cross-proxy Digest auth state leak

Summary: On libcurl 8.19.0, Proxy Digest state learned from proxyA survives an independent transfer boundary on a reused easy handle and is emitted preemptively to proxyB when the proxy is changed. In the attached C PoC, the first CONNECT to proxyB carries Proxy-Authorization: Digest ... built fr...

5.3CVSS5.5AI score0.00471EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 p.m.5 views

CVE-2026-40606

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

4.8CVSS5.7AI score0.00166EPSS
Exploits1References1
Rows per page
Query Builder