
32 matches found

CVE
added 2026/05/29 4:41 p.m., 12 views

CVE-2026-10107

MoviePilot v2 is affected by an SSRF flaw in the image proxy endpoint /api/v1/system/img/{proxy}. Authentication is required, and an attacker can supply a resource_token cookie and a URL whose domain matches the allowlist to fetch arbitrary URLs. The root cause is that Safe URL checking (Security...

7.7 CVSS, 5.9 AI score, 0.00031 EPSS
Exploits: 0, References: 4
IBM Security Bulletins
added 2026/05/13 5:54 p.m., 5 views

Security Bulletin: Multiple Vulnerabilities in watsonx.data

Summary: Multiple vulnerabilities were addressed in watsonx.data 2.3.1 patch 2 version, which were present in different versions from watsonx.data 2.2.2 to watsonx.data 2.3.1 Patch 2. Vulnerability Details: CVEID: CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose cryptographic...

9.9 CVSS, 7.3 AI score, 0.00089 EPSS
Exploits: 2, Affected Software: 1
SUSE CVE
added 2026/04/17 12:4 p.m., 2 views

SUSE CVE-2026-6297

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3 CVSS, 5.7 AI score, 0.00013 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/04/16 12:0 a.m., 6 views

Node.js Module axios < 1.15.0 Multiple Vulnerabilities

The version of the axios Node.js module installed on the remote host is prior to 1.15.0. It is, therefore, affected by multiple vulnerabilities: - Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. with a trailing dot...

9.9 CVSS, 6.1 AI score, 0.00069 EPSS
Exploits: 6, References: 4
Positive Technologies
added 2026/03/23 12:0 a.m., 3 views

PT-2026-27197

Name of the Vulnerable Software and Affected Versions: New API versions prior to 0.11.4-alpha.2. Description: The software features an Insecure Direct Object Reference (IDOR) in the video proxy endpoint. Any authenticated user can access video content belonging to other users by exploiting a missing...

6.5 CVSS, 5.8 AI score, 0.00047 EPSS
Exploits: 1, References: 8
CVE
added 2026/02/17 12:0 a.m., 11 views

CVE-2025-32355

CVE-2025-32355 affects Rocket TRUfusion Enterprise up to version 7.10.4.0, where the built-in reverse proxy can be misconfigured to accept absolute URLs in the HTTP request line. This enables server-side requests to load arbitrary resources via the proxy, constituting a server-side request forger...

7.9 CVSS, 5.5 AI score, 0.01986 EPSS
In wild, Exploits: 1, References: 3, Affected Software: 1
ATTACKERKB
added 2026/02/17 12:0 a.m., 4 views

CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

5.5 AI score, 0.01986 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 3: mod_http2 (TSSA-2022:0259)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0259 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.2 CVSS, 7.5 AI score, 0.0925 EPSS
Exploits: 1, References: 3
RedHat Linux
added 2025/09/11 12:0 p.m., 2 views

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with a configured proxy and the "request_fulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

7.2 CVSS, 5.8 AI score, 0.01153 EPSS
Exploits: 1, References: 5
CNNVD
added 2025/09/04 12:0 a.m., 2 views

Google Android Security Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an obfuscated proxy vulnerability that can be exploited by...

7.1 CVSS, 6.5 AI score, 0.00003 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/21 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-30847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to...

8.2 CVSS, 7.1 AI score, 0.0056 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/15 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2024-38473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially...

8.1 CVSS, 6.6 AI score, 0.89144 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2025/08/14 4:28 p.m., 3 views

CVE-2025-20222 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Buffer Vulnerability

A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This...

8.6 CVSS, 7.4 AI score, 0.00397 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/04/30 12:0 a.m., 1 views

Bosch Rexroth ctrlX OS Security Vulnerability

Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, an open control platform designed for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS, which stems from improper Proxy functionality that could lead to tampering with...

7.5 CVSS, 6.6 AI score, 0.00587 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2024/10/26 12:0 a.m., 11 views

Fortinet FortiWeb Confused deputy issue on SERVER_NAME causes open proxy flaw (FG-IR-21-123)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-123 advisory. - An unintended proxy or intermediary 'confused deputy' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows a...

6.5 CVSS, 6.5 AI score, 0.00491 EPSS
Exploits: 0, References: 2
CNNVD
added 2024/07/26 12:0 a.m., 1 views

TxtDot Security Vulnerability

TxtDot is an HTTP proxy from TxtDot Open Source. A security vulnerability exists in TxtDot versions prior to 1.7.0. A remote attacker exploited the vulnerability to send an HTTP GET request to an arbitrary target using the server as a proxy and retrieve information in an internal network...

7.5 CVSS, 6.7 AI score, 0.00329 EPSS
Exploits: 1, References: 4
VulnCheck KEV
added 2024/01/22 12:0 a.m., 0 views

VulnCheck KEV: CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

9 CVSS, 7.3 AI score, 0.89636 EPSS
Exploits: 4, References: 1
RedHat Linux
added 2023/03/15 7:58 p.m., 2 views

golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

6.5 CVSS, 6.6 AI score, 0.00056 EPSS
Exploits: 1, References: 6
SUSE CVE
added 2023/02/15 6:19 a.m., 2 views

SUSE CVE-2005-0147

Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials...

7.5 CVSS, 7 AI score, 0.01128 EPSS
Exploits: 0, References: 3
CNNVD
added 2022/09/20 12:0 a.m., 1 views

Grafana Security Vulnerability

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana versions prior to 9.1.6 and prior to 8.5.13...

6.6 CVSS, 7.5 AI score, 0.00881 EPSS
Exploits: 0, References: 8