299 matches found

Vulnrichment, added 2026/04/21 5:43 p.m.

CVE-2026-40606 ProxyAuth Addon LDAP Injection in mitmproxy

mitmproxy is an interactive, TLS-capable intercepting HTTP proxy for penetration testers and software developers, and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

CVSS 4.8 | AI score 5.7 | EPSS 0.00166
Exploits 1 | References 1
Snyk, added 2026/04/14 1:08 a.m.

LDAP Injection

Overview mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Affected versions of this package are vulnerable to LDAP Injection through the Ldap authentication handler in mitmproxy/addons/proxyauth.py. An attacker can...

CVSS 8.3 | AI score 5.8 | EPSS 0.00166
Exploits 1 | References 2
Positive Technologies, added 2026/04/14 12:00 a.m.

PT-2026-33226

Name of the vulnerable software and affected versions: mitmproxy versions prior to 12.2.2. Description: The builtin LDAP proxy authentication fails to correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. This issue only affects...

CVSS 4.8 | AI score 5.2 | EPSS 0.00166
Exploits 1 | References 7
OSV, added 2026/04/12 8:35 a.m.

SUSE-SU-2026:1281-1 Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.170 fixes various security issues. The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). -...

CVSS 7.8 | AI score 5.8 | EPSS 0.00204
Exploits 0 | References 13
RedhatCVE, added 2026/04/08 7:34 p.m.

CVE-2026-35607

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the...

CVSS 8.8 | AI score 6.1 | EPSS 0.00383
Exploits 1 | References 1
Snyk, added 2026/04/08 12:05 a.m.

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00383
Exploits 1 | References 2
EUVD, added 2026/04/08 12:05 a.m.

EUVD-2026-19782

File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands...

CVSS 8.1 | AI score 5.9 | EPSS 0.00383
Exploits 1 | References 3
Snyk, added 2026/04/08 12:05 a.m.

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00383
Exploits 1 | References 2
OSV, added 2026/04/08 12:05 a.m.

GHSA-7526-J432-6PPP File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands

Summary The fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the signup handler. The same fix was not applied to the proxy auth handler. Users auto-created on first successful proxy-auth login are granted executi...

CVSS 8.1 | AI score 6.1 | EPSS 0.00383
Exploits 1 | References 4
Github Security Blog, added 2026/04/08 12:05 a.m.

File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands

Summary The fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the signup handler. The same fix was not applied to the proxy auth handler. Users auto-created on first successful proxy-auth login are granted executi...

CVSS 8.8 | AI score 6.1 | EPSS 0.00383
Exploits 1 | References 4 | Affected software 1
NVD, added 2026/04/07 5:16 p.m.

CVE-2026-35607

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the...

CVSS 8.8 | EPSS 0.00383
Exploits 1 | References 2
Cvelist, added 2026/04/07 4:31 p.m.

CVE-2026-35607 File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the...

CVSS 8.1 | EPSS 0.00383
Exploits 1 | References 2
ATTACKERKB, added 2026/04/07 4:31 p.m.

CVE-2026-35607

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the...

CVSS 8.1 | AI score 6.1 | EPSS 0.00383
Exploits 1 | References 3 | Affected software 1
Vulnrichment, added 2026/04/07 4:31 p.m.

CVE-2026-35607 File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the...

CVSS 8.1 | AI score 6.1 | EPSS 0.00383
Exploits 1 | References 2
CVE, added 2026/04/07 4:31 p.m.

CVE-2026-35607

CVE-2026-35607 affects File Browser. Before version 2.63.1, a fix that prevented execution rights from being inherited by self-registered users was not applied to the proxy authentication path, causing auto-created proxy-auth users on first successful login to inherit Execute permissions and Comm...

CVSS 8.8 | AI score 6.1 | EPSS 0.00383
Exploits 1 | References 2 | Affected software 1
CNNVD, added 2026/04/07 12:00 a.m.

File Browser security vulnerability

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.63.1 contained security vulnerabilities. These vulnerabilities stemmed from...

CVSS 8.8 | AI score 5.9 | EPSS 0.00383
Exploits 1 | References 2
Positive Technologies, added 2026/04/07 12:00 a.m.

PT-2026-30908

Affected versions: File Browser versions prior to 2.63.1. Description: File Browser is a file managing interface. Prior to version 2.63.1, a fix intended to restrict execute permissions for self-registered users was not applied to the proxy authentication handler. This allowed users automatically created on first...

CVSS 8.8 | AI score 6.1 | EPSS 0.00383
Exploits 1 | References 9
SUSE Linux, added 2026/03/25 10:10 a.m.

Security update 5.0.7 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: Non-customer-facing optimization and update. golang-github-boynux-squid_exporter: Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes (jsc#PED-14971): Added compatibility for Squid 6...

CVSS 4.6 | AI score 5.8 | EPSS 0.00324
Exploits 1 | References 24
Tenable Nessus, added 2026/03/15 12:00 a.m.

openSUSE 16 Security Update : libsoup2 (openSUSE-SU-2026:20354-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20354-1 advisory. - CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422). - CVE-2025-14523: Duplicate Host Header Handling Causes...

CVSS 9.1 | AI score 7.4 | EPSS 0.00728
Exploits 3 | References 33
OSV, added 2026/03/13 9:07 a.m.

SUSE-SU-2026:20727-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441). -...

CVSS 5.8 | AI score 5.8 | EPSS 0.00423
Exploits 1 | References 7