268 matches found
PT-2026-27471
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP PROXY and HTTPS PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied sear...
CVE-2026-30886 New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference IDOR vulnerability in the video proxy endpoint GET /v1/videos/:taskid/content allows any authenticated user to access video...
CVE-2026-32627 cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to improper preservation of authentication context in the RestartAction function. An attacker can gain unauthorized access to execute privileged shell actions by exploiting the...
GHSA-F9V3-J2M7-4HPG Duplicate Advisory: HTTP Request Smuggling via Premature Upgrade
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq2h-p299-vjwv. This link is maintained to preserve external references. Original Description An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The...
WorldQuant Alpha Generator 代码问题漏洞
WorldQuant Alpha Generator is a mining software developed by zhutoutoutousan. Versions of WorldQuant Alpha Generator 1.0.9 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter makerequest in the file...
UBUNTU-CVE-2026-1642
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection via the Host header processing when an HTTP proxy is configured. An attacker can cause unintended or unauthorized HTTP requests to be forwarded by injecting additional HTTP headers or request bodies by supplying specially...
PT-2026-3510
Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.13.2 Description Arcane, an interface for managing Docker containers, images, networks, and volumes, had a flaw where unauthenticated requests could be forwarded to remote environment agents, granting access to remot...
MiracleLinux 7 : curl-7.29.0-25.0.1.el7.AXS7 (AXSA:2015-843:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-843:01 advisory. curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FIL...
CVE-2025-64123
Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller MSC allows Network Boundary Bridging.This issue affects Multi-Stack Controller MSC: through and including release 2.5.1...
CVE-2025-64123
Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller MSC allows Network Boundary Bridging.This issue affects Multi-Stack Controller MSC: through and including release 2.5.1...
EUVD-2025-204534
igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service application crash via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the recvigmp function in src/igmpproxy.c, an invalid group record type can...
CVE-2025-67485
mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix a...
CVE-2025-13588
The CVE-2025-13588 affects lKinderBueno Streamity Xtream IPTV Player up to version 2.8. The vulnerable element is an unknown function in public/proxy.php, leading to server-side request forgery (SSRF) that can be triggered remotely. Public exploitation exists, with CVSS-derived notes indicating n...
CVE-2025-25255
The CVE-2025-25255 entry describes an Improperly Implemented Security Check for Standard vulnerability (CWE-358) in Fortinet FortiOS 7.6.0–7.6.3 and FortiProxy 7.6.0–7.6.3, FortiProxy 7.4.0–7.4.11, FortiProxy 7.2 all versions, and FortiProxy 7.0.1–7.0.22. The issue allows an unauthenticated proxy...
EUVD-2021-0997
Malware in sbrugna...
EUVD-2021-21072
Malware in sbrugna...
EUVD-2019-10374
Malware in sbrugna...
EUVD-2005-2730
Malware in sbrugna...