
1314 matches found

Vulnrichment
added 2025/06/13 8:11 p.m., 7 views

CVE-2025-49596 MCP Inspector proxy server lacks authentication between the Inspector client and proxy

The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio...

CVSS 9.4, AI score 8.7, EPSS 0.0257
Exploits 0, References 4
Rapid7 Blog
added 2025/05/30 6:08 p.m., 22 views

Metasploit Wrap-Up 05/30/2025

The internet is a series of Tube SOCKS. Metasploit has supported SOCKS proxies for years now, being able to act as both a client, by setting the Proxies datastore option, and a server, by running the auxiliary/server/socksproxy module. While Metasploit has supported both SOCKS versions 4a and 5,...

CVSS 9.8, AI score 8.8, EPSS 0.85362
Exploits 12
RedhatCVE
added 2025/05/23 9:30 a.m., 5 views

CVE-2024-36038

Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option...

CVSS 6.3, AI score 5.8, EPSS 0.00133
Exploits 0
RedhatCVE
added 2025/05/23 5:11 a.m., 6 views

CVE-2023-32111

In SAP PowerDesigner Proxy - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application...

CVSS 7.5, AI score 6.9, EPSS 0.00491
Exploits 0, References 1
RedhatCVE
added 2025/05/22 10:12 p.m., 4 views

CVE-2022-28815

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service...

CVSS 2.7, AI score 8.2, EPSS 0.00202
Exploits 0, References 1
RedhatCVE
added 2025/05/22 8:58 a.m., 6 views

CVE-2019-9867

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator...

CVSS 7.2, AI score 7.1, EPSS 0.00253
Exploits 0, References 1
RedhatCVE
added 2025/05/22 4:28 a.m., 6 views

CVE-2011-4661

A memory leak vulnerability exists in Cisco IOS before 15.21T due to a memory leak in the HTTP PROXY Server process, aka CSCtu52820, when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authentication NTLM configured...

CVSS 7.5, AI score 6.8, EPSS 0.00389
Exploits 0, References 1
RedhatCVE
added 2025/05/21 11:31 p.m., 7 views

CVE-2007-6460

Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459...

CVSS 6.8, AI score 5.9, EPSS 0.05296
Exploits 2, References 1
RedhatCVE
added 2025/05/21 9:10 p.m., 4 views

CVE-2005-2868

ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pref.txt file, which allows local users to obtain sensitive information such as proxy server information and passwords...

CVSS 2.1, AI score 6.2, EPSS 0.00127
Exploits 1, References 1
RedhatCVE
added 2025/05/21 6:09 p.m., 4 views

CVE-1999-0471

The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button...

CVSS 5, AI score 7.2, EPSS 0.0077
Exploits 0, References 1
BDU FSTEC
added 2025/05/19 12:00 a.m., 1 view

A vulnerability in the TACACS+ protocol implementation of the FortiProxy proxy server, the FortiSwitchManager local management platform and the FortiOS operating system allows an attacker to bypass authentication and gain access to the device.

The vulnerability in the TACACS+ protocol implementation of the FortiProxy proxy server (used to protect against internet attacks), the FortiSwitchManager local management platform and the FortiOS operating system is caused by missing authentication for a critical function...

CVSS 10, AI score 5.5, EPSS 0.00243
Exploits 0, References 3, Affected Software 3
OSSF Malicious Packages
added 2025/05/17 6:38 a.m., 3 views

Malicious code in ts-runtime-compat-check (npm)

The npm package ts-runtime-compat-check is a malicious package that functions as a key component in a remote code execution attack chain. This package: 1. Contains a postinstall script that executes lib/install.js 2. The install script makes HTTP requests to a server specified by an environment...

AI score 8.1
Exploits 0, References 1
OSV
added 2025/05/07 7:11 p.m., 5 views

RLSA-2024:1375 Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service in HTTP request...

CVSS 8.6, AI score 8.2, EPSS 0.03051
Exploits 0, References 4
BDU FSTEC
added 2025/04/14 12:00 a.m., 2 views

Vulnerabilities in the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE allow attackers to execute arbitrary code.

The vulnerability in the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE is caused by improper handling of CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote...

CVSS 6.5, AI score 5.9, EPSS 0.00111
Exploits 0, References 2, Affected Software 3
Veracode
added 2025/03/26 11:13 a.m., 10 views

Sensitive Information Disclosure

LiteLLM is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper error handling due to an issue in proxyserver.py that leaks Langfuse API keys when an error occurs while parsing team settings, potentially exposing full access to stored requests...

CVSS 7.5, AI score 6.8, EPSS 0.00368
Exploits 1, References 3, Affected Software 1
OSV
added 2025/03/26 12:00 a.m., 10 views

ALSA-2025:3261 Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 For more details about the security issues, including the impact, a...

CVSS 5.7, AI score 7.1, EPSS 0.00202
Exploits 0, References 3
RedhatCVE
added 2025/03/22 12:41 p.m., 12 views

CVE-2025-0330

In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...

CVSS 7.5, AI score 6.8, EPSS 0.00368
Exploits 1, References 1
Snyk
added 2025/03/20 7:42 p.m., 2 views

Exposure of Sensitive Information Through Metadata

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata due to an issue in proxyserver.py. An attacker can obtain sensitive information, including API keys, by triggering error...

CVSS 8.7, AI score 6.8, EPSS 0.00368
Exploits 1, References 2
OSV
added 2025/03/20 12:32 p.m., 1 view

GHSA-879V-FGGM-VXW2 LiteLLM Has a Leakage of Langfuse API Keys

In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...

CVSS 7.5, AI score 5.9, EPSS 0.00368
Exploits 1, References 3
OSV
added 2025/03/20 10:15 a.m., 3 views

CVE-2024-10264

HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...

CVSS 9.8, AI score 7.7
Exploits 0, References 1