Lucene search
K

269 matches found

osv
osv
added 2025/02/20 10:18 p.m.10 views

GHSA-PP9M-QF39-HXJC S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation

Summary A Reflected Cross-site Scripting XSS vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted domain, posing a high risk to all users. Details Give all details ...

8.4CVSS5.7AI score0.00459EPSS
Exploits1References6
nvd
nvd
added 2025/02/13 11:15 p.m.10 views

CVE-2024-57782

An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service...

6.8CVSS0.00222EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/02/13 12:0 a.m.4 views

CVE-2024-57782

An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service...

6.5AI score0.00222EPSS
Exploits0References1
astralinux
astralinux
added 2025/02/11 7:35 a.m.3 views

Astra Linux – Vulnerability in PHP 8.2

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, and 8.3. before 8.3.14, when using streams with a configured proxy and the “requestfulluri” option, the URI is not properly sanitized. This can lead to HTTP request smuggling, allowing attackers to use the proxy to send arbitrary HTTP reques...

7.2CVSS6.4AI score0.01132EPSS
Exploits1References3
nvd
nvd
added 2024/12/19 7:15 p.m.13 views

CVE-2024-56200

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...

8.6CVSS0.00579EPSS
Exploits0References3
redhat
redhat
added 2024/11/05 5:49 p.m.3 views

grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend

A flaw was found in Google gRPC due to HPACK table poisoning between the proxy and backend so that other clients see failed requests, resulting in a denial of service. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent...

6.3CVSS5.7AI score0.00224EPSS
Exploits1References5
bdu_fstec
bdu_fstec
added 2024/10/04 12:0 a.m.6 views

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma allows attackers to access confidential information.

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma involves the proxy server sending a response back to another unknown client. Exploiting this vulnerability allows an attacker operating remotely to gain access to confidential information...

3.7CVSS6.2AI score0.01119EPSS
Exploits0References5Affected Software4
cve
cve
added 2024/09/25 2:42 p.m.43 views

CVE-2024-30128

The vulnerability affects the HCL Nomad server on Domino . It is an open proxy flaw that allows an unauthenticated attacker to mask their original source IP address, potentially deceiving users into exposing sensitive information. Product/vendor/version details in the connected PT-2024-23201 entr...

8.6CVSS8.6AI score0.00375EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/09/25 12:0 a.m.19 views

HCL Nomad 安全漏洞

HCL Nomad is an application for using and managing the Domino application development platform in mobile devices from HCL Corporation, USA. A security vulnerability exists in HCL Nomad, which stems from being affected by an open proxy vulnerability...

8.6CVSS6.8AI score0.00375EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/09/25 12:0 a.m.5 views

PT-2024-23201 · Hcl · Hcl Nomad Server

Name of the Vulnerable Software and Affected Versions: HCL Nomad server on Domino versions up to 1.0.12 Description: The HCL Nomad server on Domino is affected by an open proxy vulnerability, allowing an unauthenticated attacker to mask their original source IP address. This may enable an attacke...

8.6CVSS7.1AI score0.00375EPSS
Exploits0References9
cnvd
cnvd
added 2024/07/30 12:0 a.m.7 views

Apache Traffic Server Input Validation Error Vulnerability (CNVD-2024-35169)

Apache Traffic Server ATS is the United States Apache Apache Foundation's set of scalable HTTP proxy and caching server. Apache Traffic Server suffers from an input validation error vulnerability that stems from accepting characters that are not allowed by the HTTP field name and forwarding a...

7.5CVSS6.5AI score0.00987EPSS
Exploits0References1
redhat
redhat
added 2024/07/23 8:57 a.m.11 views

httpd: NULL pointer dereference in mod_proxy

A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...

7.5CVSS7AI score0.03153EPSS
Exploits0References5
osv
osv
added 2024/03/18 9:36 p.m.9 views

CVE-2024-28249 Cilium has possible unencrypted traffic between nodes when using IPsec and L7 policies

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...

6.1CVSS6AI score0.00271EPSS
Exploits0References6
nvd
nvd
added 2024/03/12 7:15 p.m.34 views

CVE-2022-34321

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

8.2CVSS8.2AI score0.01765EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/03/12 12:0 a.m.5 views

PT-2024-2610 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.6.0 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.2 Apache Pulsar versions 3.0.0 through 3.0.1 Apache Pulsar version 3.1.0 Description: The issue is related to an improper authentication vulnerability in t...

8.5CVSS7.1AI score0.01765EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2024/03/05 12:0 a.m.5 views

PT-2024-2415 · Artica · Artica Proxy

Name of the Vulnerable Software and Affected Versions: Artica-Proxy affected versions not specified Description: The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. ...

10CVSS9.7AI score0.8126EPSS
Exploits9References14
cnnvd
cnnvd
added 2024/01/29 12:0 a.m.5 views

Trend Micro uiAirSupport Security Vulnerability

Trend Micro uiAirSupport is a Trend Micro support tool for Trend Micro customers who subscribe to our Premium Services. A security vulnerability exists in Trend Micro uiAirSupport 6.0.2092 and prior versions, which stems from vulnerability to a DLL hijacking/proxy vulnerability that could be...

7.8CVSS6.7AI score0.00636EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2024/01/08 10:0 a.m.6 views

CVE-2024-0308 Inis Proxy.php server-side request forgery

A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument purl leads to server-side request forgery. The attack may be initiated remotely. The exploit...

6.5CVSS8.8AI score0.00482EPSS
Exploits0References3
osv
osv
added 2023/12/08 8:4 p.m.6 views

CVE-2023-49782 Cross-Site-Scripting vulnerability in error message passing in richdocumentscode

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server richdocumentscode release 23.5.601...

7.1CVSS6.9AI score0.0041EPSS
Exploits0References4
osv
osv
added 2023/12/01 10:2 p.m.2 views

CVE-2023-48314 Unescaped passing of the request URL in Collabora Online

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server richdocumentscode...

7.1CVSS6.9AI score0.00406EPSS
Exploits0References3
Rows per page
Query Builder