
6 matches found

GitHub Security Blog
added 6 days ago, 12 views

http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

Summary: http-proxy-middleware documents `router` proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configur...

CVSS 6.9 | AI score 5.6 | EPSS 0.00395
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 6 days ago, 11 views

PT-2026-50734

Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 0.16.0 through 2.0.9; http-proxy-middleware versions 3.0.0 through 3.0.5; http-proxy-middleware versions 4.0.0 through 4.0.9. Description: An issue exists in the router proxy-table implementation where host+path...

CVSS 6.9 | AI score 5.9 | EPSS 0.00395
Exploits: 0 | References: 4
CNNVD
added 2025/03/31 12:0 a.m., 2 views

NETGEAR WNR854T Security Vulnerability

The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the nvram parameter of wanhostname failing to properly filter constructed command special characters, commands, and so on. An attacker can exploit...

CVSS 9.8 | AI score 7.3 | EPSS 0.01579
Exploits: 1 | References: 1
Exploit DB
added 2023/04/01 12:0 a.m., 162 views

Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated) Date: 19/10/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.nexxtsolutions.com/ Version: 42.103.1.5095 Tested on: ARN02304U8 CVE : CVE-2022-44149 import requests import base64...

CVSS 8.8 | AI score 8.9 | EPSS 0.64354
Exploits: 5
0day.today
added 2018/03/23 12:0 a.m., 53 views

TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications / Exploit Title: TL-WR720N 150Mbps Wireless N Router - CSRF Date: 21-3-2018 Exploit Author: Mans van Someren Vendor Homepage: https://www.tp-link.com/ Software Link: https://static.tp-link.com/resources/software/TL-WR720NV1130719.zip...

AI score 0.2
Exploits: 0
OpenVAS
added 2017/03/23 12:0 a.m., 23 views

Cisco Application-Hosting Framework Directory Traversal Vulnerability

A vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device.

CVSS 7.5 | AI score 7.6 | EPSS 0.05207
Exploits: 0 | References: 1