5 matches found
CVE-2026-45568 zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...
PT-2026-41957
Name of the Vulnerable Software and Affected Versions zrok versions 0.4.47 through 1.1.11 Description The ProxyShare feature in the Python SDK is susceptible to Server-Side Request Forgery SSRF, a flaw where a server is tricked into making requests to an unintended destination. This occurs becaus...
CVE-2025-67485
mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix a...
CVE-2025-67485 HTTP/HTTPS Traffic Interception Bypass in mad-proxy
mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic. This issue does not have a fix a...
PT-2025-50296
Name of the Vulnerable Software and Affected Versions mad-proxy versions 0.3 and below Description mad-proxy is a Python-based HTTP/HTTPS proxy server designed for detecting and blocking malicious web activity through custom security policies. Versions 0.3 and below permit attackers to circumvent...