64 matches found
EUVD-2025-9667
Malicious code in bioql PyPI...
EUVD-2023-35199
Malicious code in bioql PyPI...
EUVD-2023-31254
Malicious code in bioql PyPI...
EUVD-2024-1427
Malicious code in bioql PyPI...
EUVD-2023-40420
Malicious code in bioql PyPI...
EUVD-2023-2624
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a...
Debian dla-4270 : apache2 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4270 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4270-1 [email protected]...
Security Bulletin: PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component which affects IBM watsonx.data
Summary PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied. These can affect...
TencentOS Server 2: curl (TSSA-2023:0311)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0311 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CVE-2022-1337
The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files...
CVE-2021-29416
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB...
CVE-2020-27664
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality...
CVE-2025-0130
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this...
CVE-2025-25061
CVE-2025-25061 affects JTEKT/HMI ViewJet C-more and HMI GC-A2 series. Description: an unintended proxy/intermediary (Confused Deputy) vulnerability could allow a remote unauthenticated attacker to use the product as an intermediary for an FTP bounce attack. Impact: attacker may misuse the product...
JTEKT ELECTRONICS HMI ViewJet C-more 安全漏洞
JTEKT ELECTRONICS HMI ViewJet C-more is a series of human-machine interfaces from JTEKT ELECTRONICS, Japan. A security vulnerability exists in JTEKT ELECTRONICS HMI ViewJet C-more that stems from a proxy issue that could lead to an FTP bounce attack...
PT-2025-14826 · Unknown · Hmi Gc-A2 Series +1
Name of the Vulnerable Software and Affected Versions: HMI ViewJet C-more series affected versions not specified HMI GC-A2 series affected versions not specified Description: The issue is related to an unintended proxy or intermediary problem, also known as 'Confused Deputy', which may allow a...
CVE-2025-30157 Envoy crashes when HTTP ext_proc processes local replies
Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket...
CVE-2025-22870
CVE-2025-22870 has concrete details across connected docs: it impacts multiple Go-related packages (notably golang) and related ecosystems via a proxy matching bug. The flaw arises when IPv6 zone IDs are misinterpreted as hostname components in NO_PROXY, causing requests to [::1%25.example.com] t...
Linux Distros Unpatched Vulnerability : CVE-2022-35957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server adm...