Lucene search
K

35 matches found

Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55884 Tilt: Missing authentication on the network-exposed Tilt HUD server

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can...

9.2CVSS0.00397EPSS
Exploits0References4
CVE
CVE
added 5 days ago26 views

CVE-2026-55884

Tilt HUD server in github.com/tilt-dev/tilt is affected in versions 0.20.8–0.37.3 where the HUD HTTP server registers handlers on a gorilla/mux router without authentication. When bound to a non-loopback address, an unauthenticated network caller can trigger developer-defined Tiltfile resources, ...

9.2CVSS6.2AI score0.00397EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago5 views

netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected...

7.5CVSS6.9AI score0.00952EPSS
Exploits1References5
OSV
OSV
added 2026/05/19 3:53 p.m.7 views

GHSA-W4VJ-R5PG-3722 Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)

Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

5.9CVSS5.9AI score0.00091EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 11:41 a.m.15 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of netty-handler-proxy

Summary Due to use of netty-handler-proxy, DevOps Test Performance and Rational Performance Tester contain a potential header injection vulnerability. Vulnerability Details CVEID:CVE-2026-42578 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Fina...

7.5CVSS5.9AI score0.00952EPSS
Exploits1Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/13 7:17 p.m.9 views

CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS5.9AI score0.00952EPSS
Exploits1References2
OSV
OSV
added 2026/05/13 7:17 p.m.8 views

UBUNTU-CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS6AI score0.00952EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/13 5:57 p.m.14 views

CVE-2026-42578 Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

6.3CVSS6.9AI score0.00952EPSS
Exploits1References1
OSV
OSV
added 2026/05/07 12:11 a.m.4 views

GHSA-45Q3-82M4-75JR Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)

Security Vulnerability Report: HTTP Header Injection via HttpProxyHandler Disabled Validation in Netty 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions | | Component | io.netty.handler.proxy.HttpProxyHandler | |...

6.3CVSS6.1AI score0.00952EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/07 12:11 a.m.23 views

Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)

Security Vulnerability Report: HTTP Header Injection via HttpProxyHandler Disabled Validation in Netty 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions | | Component | io.netty.handler.proxy.HttpProxyHandler | |...

7.5CVSS7AI score0.00952EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2026/04/27 10:16 p.m.12 views

CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

7.5CVSS0.00356EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:45 p.m.4 views

CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

7.5CVSS5AI score0.00356EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/04/27 9:45 p.m.8 views

EUVD-2026-25928

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

7.5CVSS7AI score0.00356EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/27 9:45 p.m.32 views

CVE-2026-7177 ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

7.5CVSS0.00356EPSS
Exploits1References6
OSV
OSV
added 2026/04/27 9:45 p.m.2 views

CVE-2026-7177 ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

6.9CVSS6.5AI score0.00356EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.13 views

PT-2026-35534

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

7.5CVSS7AI score0.00356EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

NextChat 代码问题漏洞

NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the proxyHandler function in the file...

7.5CVSS7.2AI score0.00356EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/17 8:54 p.m.2 views

CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References3
NVD
NVD
added 2026/03/24 6:16 p.m.10 views

CVE-2026-32854

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

7.5CVSS0.05322EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.10 views

LibVNCServer 代码问题漏洞

LibVNCServer is a cross-platform C language library that enables the implementation of VNC Virtual Network Computing server or client functions in programs. Versions of LibVNCServer prior to 0.9.15 have code vulnerabilities due to a null pointer dereferencing issue in the HTTP proxy handler, whic...

7.5CVSS5.9AI score0.05322EPSS
Exploits1References4
Rows per page
Query Builder