19 matches found
AnythingLLM SQL Injection Vulnerability
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a SQL injection vulnerability that stems from the getTableSchemaSql method of the built-in SQL proxy plug-in, whose tablename parameter lacks validation of externally supplied SQL statements; an attacker can use...
Security update for coredns (important)
openSUSE Security Update: Security update for coredns Announcement ID: openSUSE-SU-2026:0032-1 Rating: important References: 1255345 Cross-References: CVE-2025-61726 CVE-2025-61728 CVE-2025-61731 CVE-2025-68119 CVE-2025-68121 CVE-2025-68156 CVSS scores: CVE-2025-61726 SUSE: 6.9...
CVE-2026-21962
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0...
CVE-2025-53950
An Exposure of Private Personal Information ('Privacy Violation') vulnerability (CWE-359) in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and...
CVE-2025-53951
The CVE-2025-53951 entry documents a Path Traversal in Fortinet FortiDLP Agent’s Outlookproxy plugin for Windows, affecting multiple versions from 10.3.1 up through 11.5.1. The root cause is improper limitation of a pathname to a restricted directory, allowing an authenticated attacker to escalat...
EUVD-2003-1210
Malware in sbrugna...
CVE-2024-56026 WordPress Simple Proxy plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Priday Simple Proxy allows Reflected XSS. This issue affects Simple Proxy: from n/a through 1.0...
GHSA-G9PH-J5VJ-F8WM Potential access to sensitive URLs via CKAN extensions (SSRF)
Impact There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their contents e.g. pushing to the DataStore, streaming contents or saving a local...
CVE-2024-43371 Potential access to sensitive URLs via CKAN extensions (SSRF)
CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their...
MAL-2024-1553 Malicious code in @ing-caf/cdn-proxy-plugin (npm)
Source: ossf-package-analysis (24ccbe0b13f81d2fe8d285bab144167d33f7b4e167833ebf615411db6d318eb6). The OpenSSF Package Analysis project identified '@ing-caf/cdn-proxy-plugin' @ 200.0.2 (npm) as malicious. It is considered malicious because: - Th...
CVE-2021-21322
fastify-http-proxy is an npm package that provides a fastify plugin for proxying your HTTP requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base URL of the proxied server is /pub/, a user expects that accessin...
Code injection
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL...
CVE-2008-0903
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL...
CVE-2008-0903
CVE-2008-0903 affects BEA WebLogic Server and Express proxy plugin. A visible, unspecified vulnerability in these components (pre-November 2007, and pre-9.2 MP3/10.0 MP2) could be exploited remotely to cause a denial of service (web server crash) via a crafted URL. The connected records confirm t...
Solaris 5.9 (sparc) : 117875-05
Application Server 7.1: Proxy Plugin Patch. Date this patch was last updated by Sun : Feb/27/06 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 8 (sparc) : 116292-14
Sun One Application Server 7.0: Proxy Plugin Patch. Date this patch was last updated by Sun : Oct/08/04 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'...
CVE-2003-1220
BEA WebLogic Server proxy plugin for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL...
CVE-2003-1220
BEA WebLogic Server proxy plugin for BEA WebLogic Express and WebLogic Server 6.1–8.1 SP1 is affected by a DoS vulnerability where a malformed URL can crash the proxy plugin. Product/versions: BEA WebLogic Server proxy plugin for WebLogic Express and Server 6.1 through 8.1 SP1. Root cause: handli...
CVE-2003-1220
BEA WebLogic Server proxy plugin for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL...