17 matches found
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...
CVE-2026-33397
The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...
Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code VS Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...
USN-7709-1 ruby-webrick vulnerability
It was discovered that WEBrick incorrectly parsed HTTP headers. In configurations where WEBrick is placed behind an HTTP proxy, a remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack...
CVE-2025-53638 Solady lacks extcodesize validation on implementation in ERC4337Factory
Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization function does not return...
CVE-2025-6442
Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...
DEBIAN-CVE-2025-6442
Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...
AZL-64352 CVE-2025-6442 affecting package ruby for versions less than 3.3.5-4
Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...
SUSE CVE-2025-6442
Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...
Attacker can call initializeTokenomics in the tokenomics implementation contract and self destruct afterwards
Lines of code Vulnerability details Impact Malicious actor can front run any attempts to initialize the implementation contract of tokenomics and self destruct the contract. This makes us to re-deploy proxy as the upgradable logic is within the proxy as well. Proof of Concept 1. Implementation is...
Launching ICA file failure in ICA proxy deployment integrated with Sangfor LB
Launching ICA file failure in ICA proxy deployment integrated with Sangfor LB...
Update Rollup 22 for Exchange Server 2010 Service Pack 3
Update Rollup 22 for Exchange Server 2010 Service Pack 3 Update Rollup 22 for Microsoft Exchange Server 2010 Service Pack 3 SP3 was released on June 19, 2018. Before you install this update, you must remove all interim updates for Exchange Server 2010 SP3. Also, see this important information abo...
CVE-2015-4334
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers OCS when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive...
Default configuration
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers OCS when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive...
Security update 1970-01-01
...