193 matches found
curl: CRLF Injection in HAProxy PROXY Protocol via CURLOPT_HAPROXY_CLIENT_IP allows IP spoofing and protocol injection
Summary: CURLOPTHAPROXYCLIENTIP introduced in curl 8.2.0 accepts arbitrary strings without any validation or sanitization before injecting them into the HAProxy PROXY protocol v1 header. An attacker who can influence the value passed to this option e.g., through a web application that proxies...
BIT-MONGODB-2026-1848 Connections received from the proxy port may not count towards total accepted connections
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
CVE-2026-1848
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
UBUNTU-CVE-2026-1848
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
CVE-2026-1848
CVE-2026-1848 affects a MongoDB component where connections received via the proxy port are not counted toward the total accepted connections while the proxy protocol header is pending. This can allow the server to reach resource limits, potentially causing crashes when the total connections exce...
CVE-2026-1848 Connections received from the proxy port may not count towards total accepted connections
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
CVE-2026-1848 Connections received from the proxy port may not count towards total accepted connections
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
Connections received from the proxy port may not count towards total accepted connections
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...
PT-2026-7421
Name of the Vulnerable Software and Affected Versions Connections affected versions not specified Description The system may not accurately count connections received through the proxy port, specifically when a proxy protocol header is present. This can lead to the server exceeding its connection...
ap-proxy-client (>=0.3.0 <=0.8.0), ap-proxy-protocol (>=0.3.0 <=0.8.0) +2 more potentially affected by CVE-2026-24850 via ml-dsa (=0.0.4)
ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on ml-dsa and may be impacted: - ap-proxy-client =0.3.0, =0.3.0, =0.1.0, =0.0.1-pre.0, =0.0.12 Source cves: CVE-2026-24850 Source advisory: OSV:GHSA-5X2R-HC65-25F9...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
EUVD-2021-1065
Malware in sbrugna...
EUVD-2020-23142
Malware in sbrugna...
EUVD-2024-20840
Malicious code in bioql PyPI...
EUVD-2025-18750
Malicious code in bioql PyPI...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
CVE-2025-6947 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox...
Linux Distros Unpatched Vulnerability : CVE-2024-7885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs whe...
Linux Distros Unpatched Vulnerability : CVE-2021-23351
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a...
Linux Distros Unpatched Vulnerability : CVE-2025-31698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACL configured in ipallow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting...