Lucene search
+L

193 matches found

hackerone
hackerone
added 2026/03/28 9:39 a.m.38 views

curl: CRLF Injection in HAProxy PROXY Protocol via CURLOPT_HAPROXY_CLIENT_IP allows IP spoofing and protocol injection

Summary: CURLOPTHAPROXYCLIENTIP introduced in curl 8.2.0 accepts arbitrary strings without any validation or sanitization before injecting them into the HAProxy PROXY protocol v1 header. An attacker who can influence the value passed to this option e.g., through a web application that proxies...

6.1AI score
Exploits0
osv
osv
added 2026/02/26 8:47 a.m.5 views

BIT-MONGODB-2026-1848 Connections received from the proxy port may not count towards total accepted connections

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...

8.2CVSS5.5AI score0.00263EPSS
Exploits0References2
nvd
nvd
added 2026/02/10 7:15 p.m.6 views

CVE-2026-1848

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...

8.2CVSS0.00263EPSS
Exploits0References1
osv
osv
added 2026/02/10 7:15 p.m.12 views

UBUNTU-CVE-2026-1848

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...

8.2CVSS5.8AI score0.00263EPSS
Exploits0References3
cve
cve
added 2026/02/10 6:22 p.m.27 views

CVE-2026-1848

CVE-2026-1848 affects a MongoDB component where connections received via the proxy port are not counted toward the total accepted connections while the proxy protocol header is pending. This can allow the server to reach resource limits, potentially causing crashes when the total connections exce...

8.2CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/02/10 6:22 p.m.29 views

CVE-2026-1848 Connections received from the proxy port may not count towards total accepted connections

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...

8.2CVSS0.00263EPSS
Exploits0References1
osv
osv
added 2026/02/10 6:22 p.m.4 views

CVE-2026-1848 Connections received from the proxy port may not count towards total accepted connections

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...

8.2CVSS7AI score0.00263EPSS
Exploits0References3
mongodb
mongodb
added 2026/02/10 6:22 p.m.12 views

Connections received from the proxy port may not count towards total accepted connections

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...

8.2CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/02/10 12:0 a.m.10 views

PT-2026-7421

Name of the Vulnerable Software and Affected Versions Connections affected versions not specified Description The system may not accurately count connections received through the proxy port, specifically when a proxy protocol header is present. This can lead to the server exceeding its connection...

8.2CVSS5.4AI score0.00263EPSS
Exploits0References8
vulnersosv
vulnersosv
added 2026/01/28 4:44 p.m.4 views

ap-proxy-client (>=0.3.0 <=0.8.0), ap-proxy-protocol (>=0.3.0 <=0.8.0) +2 more potentially affected by CVE-2026-24850 via ml-dsa (=0.0.4)

ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on ml-dsa and may be impacted: - ap-proxy-client =0.3.0, =0.3.0, =0.1.0, =0.0.1-pre.0, =0.0.12 Source cves: CVE-2026-24850 Source advisory: OSV:GHSA-5X2R-HC65-25F9...

5.3CVSS5.4AI score0.00299EPSS
Exploits0
redhat
redhat
added 2026/01/19 12:18 a.m.5 views

undertow: Improper State Management in Proxy Protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS5.7AI score0.02644EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-1065

Malware in sbrugna...

4.9CVSS4.8AI score0.01871EPSS
Exploits0References12
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-23142

Malware in sbrugna...

8.8CVSS8.7AI score0.00974EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-20840

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00751EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18750

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00448EPSS
Exploits0References1
redhat
redhat
added 2025/09/25 12:9 a.m.10 views

undertow: Improper State Management in Proxy Protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS5.7AI score0.02644EPSS
Exploits0References4
cvelist
cvelist
added 2025/09/15 9:18 p.m.14 views

CVE-2025-6947 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox...

4.8CVSS0.00341EPSS
Exploits0References1
nessus
nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-7885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs whe...

7.5CVSS6.9AI score0.02644EPSS
Exploits0References2
nessus
nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-23351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a...

4.9CVSS5.4AI score0.01871EPSS
Exploits0References2
nessus
nessus
added 2025/08/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-31698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACL configured in ipallow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References3
Rows per page
Query Builder