Lucene search
+L

265 matches found

OSV
OSV
added 2026/05/15 8:50 a.m.8 views

BIT-NGINX-GATEWAY-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00339EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from security bypasses in the proxy’s config.patch and config.apply endpoints, which failed to protect...

7.1CVSS5.8AI score0.00218EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/08 8:48 p.m.13 views

OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

Summary The OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. If a network attacker can Man-in-the-Middle MitM the...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/08 8:48 p.m.52 views

GHSA-WFR5-454P-MJC2 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

Summary The OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. If a network attacker can Man-in-the-Middle MitM the...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-39240

Name of the Vulnerable Software and Affected Versions OpenTelemetry.Exporter.Instana affected versions not specified Description The OpenTelemetry.Exporter.Instana NuGet package fails to validate HTTPS/TLS certificates when sending telemetry to an Instana back-end if a proxy is configured via the...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/04 2:41 p.m.143 views

CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash

A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

0.00514EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 8:16 p.m.7 views

CVE-2018-25313

SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the...

6.9CVSS0.0012EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/29 7:24 p.m.4 views

CVE-2018-25313 SysGauge 4.5.18 Local Denial of Service via Proxy Configuration

SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the...

6.9CVSS6AI score0.0012EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/29 7:24 p.m.8 views

EUVD-2018-21834

SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/04/29 7:24 p.m.13 views

CVE-2018-25313

CVE-2018-25313 affects SysGauge 4.5.18. A buffer overflow in the proxy configuration handler allows local attackers to cause a denial of service by supplying an oversized string, specifically via the Proxy Server Host Name field in the Options menu. The impact is a local DoS with the application ...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/29 7:24 p.m.27 views

CVE-2018-25313 SysGauge 4.5.18 Local Denial of Service via Proxy Configuration

SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the...

6.9CVSS0.0012EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.11 views

Flexense SysGauge 安全漏洞

Flexense SysGauge is a system analysis tool developed by Flexense Corporation, designed for real-time monitoring of system performance and resource usage. Version 4.5.18 of Flexense SysGauge contains a security vulnerability. This vulnerability stems from a buffer overflow in the proxy...

6.9CVSS6.1AI score0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.10 views

PT-2026-35996

SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from an access control bypass vulnerability in the allowProfiles function. This allowed attackers to...

8.1CVSS5.8AI score0.00335EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 12:31 a.m.8 views

EUVD-2026-24547

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

8.1CVSS6AI score0.00014EPSS
Exploits0References8
CVE
CVE
added 2026/04/21 10:12 p.m.22 views

CVE-2026-4821

The CVE-2026-4821 entry describes an improper neutralization of special elements vulnerability in GitHub Enterprise Server . It allows an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields (e.g., http_pro...

8.1CVSS6AI score0.00014EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/21 10:12 p.m.2 views

CVE-2026-4821 Proxy configuration command injection vulnerability found in GitHub Enterprise Server Management Console configuration API

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

8.1CVSS6AI score0.00014EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/21 10:12 p.m.37 views

CVE-2026-4821

...

0.00014EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/21 9:24 a.m.7 views

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: Internal changes to fix build issues with no impact for customers spacecmd: Version 5.1.13-0 Updated translation strings uyuni-tools: Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key file...

8.7CVSS5.7AI score0.00375EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.12 views

PT-2026-34210

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An improper neutralization of special elements allows an authenticated Management Console administrator to execute arbitrary OS commands. This occurs via shell metacharacter injection...

8.1CVSS5.6AI score0.00014EPSS
Exploits0References10
Rows per page
Query Builder