Lucene search
K

268 matches found

Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27471

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP PROXY and HTTPS PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied sear...

8.3CVSS5.8AI score0.00369EPSS
Exploits1References3
OSV
OSV
added 2026/03/23 7:18 p.m.3 views

CVE-2026-30886 New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference IDOR vulnerability in the video proxy endpoint GET /v1/videos/:taskid/content allows any authenticated user to access video...

6.5CVSS6.4AI score0.00274EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/13 8:48 p.m.33 views

CVE-2026-32627 cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

8.7CVSS0.00179EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/05 8:53 p.m.2 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to improper preservation of authentication context in the RestartAction function. An attacker can gain unauthorized access to execute privileged shell actions by exploiting the...

6.3CVSS5.9AI score0.00414EPSS
Exploits1References3
OSV
OSV
added 2026/03/05 12:31 a.m.5 views

GHSA-F9V3-J2M7-4HPG Duplicate Advisory: HTTP Request Smuggling via Premature Upgrade

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq2h-p299-vjwv. This link is maintained to preserve external references. Original Description An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The...

9.3CVSS5.8AI score0.00666EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WorldQuant Alpha Generator 代码问题漏洞

WorldQuant Alpha Generator is a mining software developed by zhutoutoutousan. Versions of WorldQuant Alpha Generator 1.0.9 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter makerequest in the file...

6.3CVSS6.3AI score0.00354EPSS
Exploits0References6
OSV
OSV
added 2026/02/04 3:16 p.m.5 views

UBUNTU-CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS5.8AI score0.00339EPSS
Exploits0References6
Snyk
Snyk
added 2026/01/27 12:0 a.m.5 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the Host header processing when an HTTP proxy is configured. An attacker can cause unintended or unauthorized HTTP requests to be forwarded by injecting additional HTTP headers or request bodies by supplying specially...

6.1CVSS6AI score0.00312EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.19 views

PT-2026-3510

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.13.2 Description Arcane, an interface for managing Docker containers, images, networks, and volumes, had a flaw where unauthenticated requests could be forwarded to remote environment agents, granting access to remot...

9.8CVSS5.8AI score0.00445EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 7 : curl-7.29.0-25.0.1.el7.AXS7 (AXSA:2015-843:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-843:01 advisory. curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FIL...

5CVSS7.7AI score0.17942EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/03 10:4 p.m.24 views

CVE-2025-64123

Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller MSC allows Network Boundary Bridging.This issue affects Multi-Stack Controller MSC: through and including release 2.5.1...

7.9CVSS7AI score0.00274EPSS
Exploits0References1
OSV
OSV
added 2026/01/02 10:15 p.m.5 views

CVE-2025-64123

Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller MSC allows Network Boundary Bridging.This issue affects Multi-Stack Controller MSC: through and including release 2.5.1...

9.8CVSS5.8AI score0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/19 3:31 p.m.6 views

EUVD-2025-204534

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service application crash via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the recvigmp function in src/igmpproxy.c, an invalid group record type can...

7.5CVSS6.2AI score0.0044EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/16 1:48 p.m.4 views

CVE-2025-67485

mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix a...

5.3CVSS6.5AI score0.00208EPSS
Exploits0References1
CVE
CVE
added 2025/11/24 6:32 a.m.16 views

CVE-2025-13588

The CVE-2025-13588 affects lKinderBueno Streamity Xtream IPTV Player up to version 2.8. The vulnerable element is an unknown function in public/proxy.php, leading to server-side request forgery (SSRF) that can be triggered remotely. Public exploitation exists, with CVSS-derived notes indicating n...

6.5CVSS6.5AI score0.00218EPSS
Exploits0References6
CVE
CVE
added 2025/10/14 3:23 p.m.20 views

CVE-2025-25255

The CVE-2025-25255 entry describes an Improperly Implemented Security Check for Standard vulnerability (CWE-358) in Fortinet FortiOS 7.6.0–7.6.3 and FortiProxy 7.6.0–7.6.3, FortiProxy 7.4.0–7.4.11, FortiProxy 7.2 all versions, and FortiProxy 7.0.1–7.0.22. The issue allows an unauthenticated proxy...

5.3CVSS6.2AI score0.00402EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-0997

Malware in sbrugna...

9.8CVSS9.3AI score0.02264EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-21072

Malware in sbrugna...

7.2CVSS7AI score0.01516EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-10374

Malware in sbrugna...

8.6CVSS8.2AI score0.01772EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2005-2730

Malware in sbrugna...

7.5CVSS6.4AI score0.06561EPSS
Exploits0References5
Rows per page
Query Builder