15 matches found
CVE-2026-59221
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...
EUVD-2026-42650
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...
CVE-2026-59221
Open WebUI before 0.10.0 is affected by a path traversal guard bypass in sanitize_proxy_path (backend/open_webui/routers/terminals.py). The function decodes proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal to bypass normalization and be decoded by the upstream ter...
PT-2026-50589
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The terminal-server reverse proxy in backend/open webui/routers/terminals.py fails to properly confine the user-controlled path segment before forwarding it to an admin-configured terminal server...
CVE-2026-40155
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...
CVE-2026-31804
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pmsimageproxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the scheme...
CVE-2026-33242 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass
Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...
CVE-2021-35483
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...
PT-2025-44084
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where the /admin path can be accessed via a proxy, such as ha-proxy, by using relative or non-normalized paths. Keycloak documentation advises against exposing the...
CVE-2025-54468
CVE-2025-54468 affects Rancher Rancher Manager. It describes that Impersonate-Extra-* headers are sent to external services via the /meta/proxy endpoint, potentially exposing identifiers such as email addresses. Connected records reference Rancher-related advisories (GO-2025-3982) noting that the...
CVE-2025-47952 Traefik allows path traversal using url encoding
Traefik pronounced traffic is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a...
Nuxt 安全漏洞
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt versions prior to 1.4.5, which stems from incorrect proxy request path parsing, allowing an attacker to change the requested scheme and host, potentially leading to sensitive data disclosure...
GHSA-V6F3-GH5H-MQWX DIRAC: Unauthorized users can read proxy contents during generation
Impact During the proxy generation process e.g., when using dirac-proxy-init it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a...
USN-5090-2 apache2 vulnerabilities
USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly us...
hawtio: server side request forgery via initial /proxy/ substring of a URI
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...