72 matches found
PT-2026-3247
Name of the Vulnerable Software and Affected Versions The Librarian affected versions not specified Description The Librarian software has an information leakage issue stemming from the web fetch tool. This allows an attacker to retrieve arbitrary external content, potentially using The Librarian...
CVE-2025-60534
CVE-2025-60534 affects Blue Access Cobalt v02.000.195. The issue is an authentication bypass that lets an attacker selectively proxy requests to operate functionality in the web application without valid credentials. Primary impact is high (CVSS: 9.8, Network attacker, no privileges required, no ...
PT-2026-1461
Name of the Vulnerable Software and Affected Versions Blue Access Cobalt version 02.000.195 Description Blue Access Cobalt version 02.000.195 is subject to an authentication bypass. This allows an attacker to selectively proxy requests to operate functionality within the web application without...
EulerOS Virtualization 2.13.0 : httpd (EulerOS-SA-2025-2578)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of...
EUVD-2021-26863
Malware in sbrugna...
EUVD-2023-51019
Malicious code in bioql PyPI...
EUVD-2024-54774
Malicious code in bioql PyPI...
K000152924: Apache HTTP Server vulnerability CVE-2024-43204
Security Advisory Description SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a valu...
USN-7639-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...
USN-7639-1 apache2 vulnerabilities
It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...
CVE-2024-43204
SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...
CVE-2024-43204
SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...
ALPINE-CVE-2024-43204
SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...
CVE-2024-43204 Apache HTTP Server: SSRF with mod_headers setting Content-Type header
SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...
CVE-2024-43204
CVE-2024-43204 affects Apache HTTP Server when mod_proxy is loaded. The vulnerability permits SSRF by sending outbound proxy requests to a URL controlled by the attacker, requiring an unlikely configuration in which mod_headers modifies the Content-Type header with a value provided in the HTTP re...
CVE-2025-47791
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests...
CVE-2025-47791
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests...
CVE-2025-47791 Nextcloud Server's test remote endpoint is not rate limited
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests...
Nextcloud 代码问题漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud versions prior to 28.0.13, prior to 29.0.10, and prior to 30.0.3, which stems from not properly securing a...
CVE-2025-24472
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...