265 matches found
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2026-1182)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-1467 Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...
CVE-2026-1467
Libsoup contains a CRLF injection vulnerability (CVE-2026-1467) in which URL-decoded input used to form the Host header can be manipulated when an HTTP proxy is configured. A remote attacker can craft a URL with CRLF sequences to inject extra HTTP headers or request bodies, potentially affecting ...
LibSoup injection vulnerability
Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a vulnerability due to improper handling of URL decoding when configuring HTTP proxies, which may lead to CRLF injection attacks...
EUVD-2026-2838
Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...
CVE-2026-0600
Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...
CVE-2019-11350
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page...
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 CVSS score: 10.0...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition via the Request function in the client.go file. An attacker can access or leak proxy configuration and potentially sensitive data by exploiting concurrent requests that mutate shared HTTP client properties without...
CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak
axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...
CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak
axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...
PT-2026-2093
Name of the Vulnerable Software and Affected Versions axios4go versions prior to 0.6.4 Description axios4go is a Go HTTP client library affected by a race condition in its shared HTTP client configuration. The global defaultClient is modified during request execution without proper synchronizatio...
PT-2026-4876
Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description A flaw exists in libsoup, an HTTP client library, related to CRLF Carriage Return Line Feed Injection. This issue occurs when an HTTP proxy is configured and the library improperly handles...
CVE-2025-66212
CVE-2025-66212 (Coolify) is an authenticated command injection affecting Coolify before 4.0.0-beta.451. The vulnerability lies in Dynamic Proxy Configuration Filename handling, where proxy filenames are passed to shell commands without escaping, enabling arbitrary commands to run with root privil...
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2588)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2553)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.13.1 : mod_http2 (EulerOS-SA-2025-2553)
According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be...
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2440)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-34324
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...
CVE-2025-34324
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...