Lucene search
+L

265 matches found

OpenVAS
OpenVAS
added 2026/02/02 12:0 a.m.5 views

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2026-1182)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.4AI score0.01149EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/27 9:17 a.m.57 views

CVE-2026-1467 Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

5.8CVSS0.00312EPSS
Exploits1References3
CVE
CVE
added 2026/01/27 9:17 a.m.32 views

CVE-2026-1467

Libsoup contains a CRLF injection vulnerability (CVE-2026-1467) in which URL-decoded input used to form the Host header can be manipulated when an HTTP proxy is configured. A remote attacker can craft a URL with CRLF sequences to inject extra HTTP headers or request bodies, potentially affecting ...

5.8CVSS5.8AI score0.00312EPSS
Exploits1References3Affected Software2
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.6 views

LibSoup injection vulnerability

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a vulnerability due to improper handling of URL decoding when configuring HTTP proxies, which may lead to CRLF injection attacks...

5.8CVSS6AI score0.00312EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/14 10:29 p.m.4 views

EUVD-2026-2838

Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...

6.2CVSS6.2AI score0.00284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/14 10:29 p.m.3 views

CVE-2026-0600

Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...

6.2CVSS5.5AI score0.00284EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.10 views

CVE-2019-11350

CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page...

9.8CVSS6.9AI score0.01787EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/01/08 9:53 a.m.9 views

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 CVSS score: 10.0...

9.9CVSS7.9AI score0.0376EPSS
Exploits12
Snyk
Snyk
added 2026/01/07 10:55 p.m.2 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition via the Request function in the client.go file. An attacker can access or leak proxy configuration and potentially sensitive data by exploiting concurrent requests that mutate shared HTTP client properties without...

8.2CVSS6.8AI score0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/07 10:29 p.m.37 views

CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

8.2CVSS0.00363EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/07 10:29 p.m.2 views

CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

8.2CVSS6.5AI score0.00363EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.10 views

PT-2026-2093

Name of the Vulnerable Software and Affected Versions axios4go versions prior to 0.6.4 Description axios4go is a Go HTTP client library affected by a race condition in its shared HTTP client configuration. The global defaultClient is modified during request execution without proper synchronizatio...

8.2CVSS6.9AI score0.00363EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-4876

Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description A flaw exists in libsoup, an HTTP client library, related to CRLF Carriage Return Line Feed Injection. This issue occurs when an HTTP proxy is configured and the library improperly handles...

5.8CVSS5.9AI score0.00423EPSS
Exploits2References33
CVE
CVE
added 2025/12/23 10:4 p.m.15 views

CVE-2025-66212

CVE-2025-66212 (Coolify) is an authenticated command injection affecting Coolify before 4.0.0-beta.451. The vulnerability lies in Dynamic Proxy Configuration Filename handling, where proxy filenames are passed to shell commands without escaping, enabling arbitrary commands to run with root privil...

9.4CVSS8.7AI score0.0318EPSS
Exploits1References4Affected Software1
OpenVAS
OpenVAS
added 2025/12/19 12:0 a.m.5 views

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2588)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.01149EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/12/19 12:0 a.m.5 views

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2553)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.01149EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.3 views

EulerOS Virtualization 2.13.1 : mod_http2 (EulerOS-SA-2025-2553)

According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be...

7.5CVSS7.2AI score0.01149EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/11/21 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2440)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.01149EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/19 5:20 p.m.5 views

CVE-2025-34324

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

7.8CVSS7.6AI score0.001EPSS
Exploits1References1
NVD
NVD
added 2025/11/18 5:16 p.m.3 views

CVE-2025-34324

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

7.8CVSS0.001EPSS
Exploits1References4
Rows per page
Query Builder