Lucene search
K

15 matches found

NVD
NVD
added yesterday9 views

CVE-2026-59221

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...

7.7CVSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-42650

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...

7.7CVSS5.9AI score
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-59221

Open WebUI before 0.10.0 is affected by a path traversal guard bypass in sanitize_proxy_path (backend/open_webui/routers/terminals.py). The function decodes proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal to bypass normalization and be decoded by the upstream ter...

7.7CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50589

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The terminal-server reverse proxy in backend/open webui/routers/terminals.py fails to properly confine the user-controlled path segment before forwarding it to an admin-configured terminal server...

7.7CVSS5.9AI score0.00349EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.4 views

CVE-2026-40155

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 7:42 p.m.4 views

CVE-2026-31804

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pmsimageproxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the scheme...

4CVSS5.8AI score0.00277EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/23 11:40 p.m.25 views

CVE-2026-33242 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...

7.5CVSS0.00565EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.6 views

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

4.1CVSS6AI score0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.8 views

PT-2025-44084

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where the /admin path can be accessed via a proxy, such as ha-proxy, by using relative or non-normalized paths. Keycloak documentation advises against exposing the...

3.7CVSS6.5AI score0.00386EPSS
Exploits0References16
CVE
CVE
added 2025/10/02 10:0 a.m.18 views

CVE-2025-54468

CVE-2025-54468 affects Rancher Rancher Manager. It describes that Impersonate-Extra-* headers are sent to external services via the /meta/proxy endpoint, potentially exposing identifiers such as email addresses. Connected records reference Rancher-related advisories (GO-2025-3982) noting that the...

4.7CVSS6.3AI score0.00334EPSS
Exploits0References2
OSV
OSV
added 2025/05/30 3:37 a.m.3 views

CVE-2025-47952 Traefik allows path traversal using url encoding

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a...

6.3CVSS6.4AI score0.00784EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/08/05 12:0 a.m.5 views

Nuxt 安全漏洞

Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt versions prior to 1.4.5, which stems from incorrect proxy request path parsing, allowing an attacker to change the requested scheme and host, potentially leading to sensitive data disclosure...

8.6CVSS6.4AI score0.00648EPSS
Exploits0References2
OSV
OSV
added 2024/04/09 3:52 p.m.3 views

GHSA-V6F3-GH5H-MQWX DIRAC: Unauthorized users can read proxy contents during generation

Impact During the proxy generation process e.g., when using dirac-proxy-init it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a...

8.1CVSS5.7AI score0.00317EPSS
Exploits0References4
OSV
OSV
added 2021/09/27 4:46 p.m.4 views

USN-5090-2 apache2 vulnerabilities

USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly us...

9.8CVSS7.2AI score0.99999EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2020/10/01 11:38 a.m.5 views

hawtio: server side request forgery via initial /proxy/ substring of a URI

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...

9.8CVSS5.9AI score0.26803EPSS
Exploits3References4
Rows per page
Query Builder