25 matches found
DEBIAN-CVE-2026-10532
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...
OpenTelemetry eBPF Instrumentation 路径遍历漏洞
OpenTelemetry eBPF Instrumentation is an open-source eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. In versions 0.4.0 to 0.8.0 of OpenTelemetry eBPF Instrumentation, there was a path traversal vulnerability. This vulnerability stemmed from defects in the Java...
GHSA-JMH7-G254-2CQ9 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
Summary A Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses gr.load to load an attacker-controlled Space, the malicious proxyurl from the config is...
GHSA-MG7H-9QFX-4R83 ZendFramework Potential Proxy Injection Vulnerabilities
Zend\Session\Validator\RemoteAddr and Zend\View\Helper\ServerUrl were found to be improperly parsing HTTP headers for proxy information, which could potentially allow an attacker to spoof a proxied IP or host name. In Zend\Session\Validator\RemoteAddr, if the client is behind a proxy server, the...
ZendFramework Potential Proxy Injection Vulnerabilities
Zend\Session\Validator\RemoteAddr and Zend\View\Helper\ServerUrl were found to be improperly parsing HTTP headers for proxy information, which could potentially allow an attacker to spoof a proxied IP or host name. In Zend\Session\Validator\RemoteAddr, if the client is behind a proxy server, the...
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Impact The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. To pass extra control data between...
GHSA-3CH3-JHC6-5R8X yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Impact The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. To pass extra control data between...
llhttp: HTTP Request Smuggling when parsing the body of chunked requests
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
llhttp: HTTP Request Smuggling due to spaces in headers
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an attacker can use this flaw to inject...
llhttp: HTTP Request Smuggling due to spaces in headers
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an attacker can use this flaw to inject...
llhttp: HTTP Request Smuggling due to spaces in headers
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an attacker can use this flaw to inject...
llhttp: HTTP Request Smuggling when parsing the body of chunked requests
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
llhttp: HTTP Request Smuggling when parsing the body of chunked requests
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
llhttp: HTTP Request Smuggling due to spaces in headers
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an attacker can use this flaw to inject...
llhttp: HTTP Request Smuggling when parsing the body of chunked requests
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
llhttp: HTTP Request Smuggling due to spaces in headers
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an attacker can use this flaw to inject...
llhttp: HTTP Request Smuggling due to spaces in headers
An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an attacker can use this flaw to inject...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description Reflected XSS in proxies.php when a user asked to add a proxy, resulting in XSS. 🕵️♂️ Proof of Concept https://drive.google.com/file/d/14uabBenjADBpzWbbYqiF8a9FU2fzhX/view?usp=sharing payload: ' onmouseover='alert1 💥 Impact This vulnerability is capable of doing Reflected XSS...
[ASA-202012-16] hostapd: proxy injection
Arch Linux Security Advisory ASA-202012-16 ========================================== Severity: Medium Date : 2020-12-09 CVE-ID : CVE-2020-12695 Package : hostapd Type : proxy injection Remote : Yes Link : https://security.archlinux.org/AVG-1322 Summary ======= The package hostapd before version...
[ASA-201611-6] tomcat6: proxy injection
Arch Linux Security Advisory ASA-201611-6 ========================================= Severity: Medium Date : 2016-11-02 CVE-ID : CVE-2016-5388 Package : tomcat6 Type : proxy injection Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package tomcat6 before version...