
17 matches found

NVD
added 6 days ago · 4 views

CVE-2026-44652

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...

6.9 CVSS · 0.00013 EPSS
Exploits: 0 · References: 1
GithubExploit
added 2026/01/31 7:39 p.m. · 121 views

capstone-poc

Capstone Proof of Concept 1. Create the UI using the run fu...

5.9 AI score
Exploits: 0
EUVD
added 2026/01/27 9:17 a.m. · 2 views

EUVD-2026-4809

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

6.1 CVSS · 5.8 AI score · 0.00074 EPSS
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-43661

Malicious code in bioql PyPI...

10 CVSS · 8.6 AI score · 0.0089 EPSS
Exploits: 1 · References: 1
CVE
added 2025/09/22 9:1 p.m. · 49 views

CVE-2025-47910

The connected sources confirm a vulnerability in Go’s net/http CrossOriginProtection: the AddInsecureBypassPattern can bypass more requests than intended, causing CrossOriginProtection to skip validation while forwarding the original request path. This may allow...

5.4 CVSS · 6.5 AI score · 0.00012 EPSS
Exploits: 0 · References: 4
Cvelist
added 2025/09/22 9:1 p.m. · 7 views

CVE-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

0.00012 EPSS
Exploits: 0 · References: 4
CNNVD
added 2025/09/22 12:0 a.m. · 2 views

Google Go Security Vulnerability

Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google (USA). A security vulnerability exists in Google Go that stems from the AddInsecureBypassPattern method, which may accidentally bypass more requests, resulting in skipping authenticati...

5.4 CVSS · 9.2 AI score · 0.00012 EPSS
Exploits: 0 · References: 6
SUSE CVE
added 2025/09/04 11:22 p.m. · 1 views

SUSE CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

5.4 CVSS · 7 AI score · 0.00012 EPSS
Exploits: 0 · References: 9
RedhatCVE
added 2025/05/23 4:12 a.m. · 3 views

CVE-2023-39967

WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via...

10 CVSS · 7 AI score · 0.0089 EPSS
Exploits: 1
OpenVAS
added 2024/12/17 12:0 a.m. · 20 views

Ubuntu: Security Advisory (USN-7161-1)

The remote host is missing an update for the...

9.9 CVSS · 8.6 AI score · 0.03345 EPSS
Exploits: 0 · References: 2
Veracode
added 2024/08/28 1:20 a.m. · 7 views

Incorrect Input Validation

Apache Traffic Server is vulnerable to Incorrect Input Validation. The vulnerability is caused by an invalid Accept-Encoding header, which can cause cache lookup to fail and force forwarding of requests...

8.2 CVSS · 6.6 AI score · 0.00121 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/07/26 9:11 a.m. · 21 views

CVE-2024-35296 Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

7.2 AI score · 0.00121 EPSS
Exploits: 0 · References: 1
NVD
added 2024/02/26 4:27 p.m. · 6 views

CVE-2024-0387

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests...

6.5 CVSS · 6.5 AI score · 0.00205 EPSS
Exploits: 0 · References: 1
CNNVD
added 2023/09/06 12:0 a.m. · 2 views

WireMock Code Issue Vulnerability

WireMock is a popular tool for API mock testing, open-sourced by WireMock. A code issue vulnerability exists in WireMock that stems from the fact that when certain request URLs are used in WireMock Studio configuration fields, the request may be forwarded to an arbitrary service...

10 CVSS · 7.1 AI score · 0.0089 EPSS
Exploits: 1 · References: 2
CVE
added 2022/10/14 12:0 a.m. · 498 views

CVE-2022-2880

CVE-2022-2880 affects golang under the net/http/httputil ReverseProxy: requests forwarded may include raw/unparsable inbound query parameters, enabling query parameter smuggling if the proxy forwards such values. The issue is mitigated by the fix that sanitizes forwarded query parameters when the...

7.5 CVSS · 7.7 AI score · 0.00031 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
CNNVD
added 2022/10/12 12:0 a.m. · 0 views

Apache Shiro Authorization Issue Vulnerability

Apache Shiro is a Java security framework with authentication, access authorization, data encryption, session management, etc. An authentication bypass vulnerability exists in Apache Shiro, which is caused when requests are forwarded or requests are included via the RequestDispatcher interface, a...

9.8 CVSS · 7.1 AI score · 0.00708 EPSS
Exploits: 0 · References: 6
CNVD
added 2016/06/02 12:0 a.m. · 1 views

IBM TRIRIGA Application Platform HTTP Request Forwarding Vulnerability

The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...

7.7 CVSS · 7 AI score · 0.00138 EPSS
Exploits: 0 · References: 1