5489 matches found
CVE-2026-55602
A flaw was found in http-proxy-middleware before 2.0.10, 3.0.6, and 4.1.0. Router proxy-table host+path matching uses unanchored substring comparison on the Host header, so a crafted Host value that superstring-matches a configured key can route requests to an unintended backend. Mitigation Upgra...
CVE-2026-52926
A flaw was found in the Linux kernel's batman-adv module, which is responsible for managing mesh networks. When a mesh network is being shut down, the system fails to properly clear the active gateway information. This leaves outdated network configuration data, which can prevent the mesh network...
CVE-2026-52925
A flaw was found in the Linux kernel's Virtual Routing and Forwarding VRF functionality. When a network device is removed from a VRF, a lack of proper synchronization can lead to a Null Pointer Dereference NPD. This issue can be triggered by a local user, potentially causing the system to crash,...
EUVD-2026-38728
In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...
CVE-2026-55602
CVE-2026-55602 affects http-proxy-middleware where host+path router keys use unanchored substring matching, enabling Host header-based routing bypass. From 0.16.0 through 2.0.10, 3.0.6, and 4.1.0 only, a crafted Host header that forms a superstring with a configured host+path key can route to an ...
CVE-2026-55602
http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request...
CVE-2026-55602 http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass
http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request...
CVE-2026-48772
A flaw was found in ProxySQL, a proxy for MySQL and its forks, as well as PostgreSQL. A remote attacker can exploit this vulnerability by sending a specially crafted PROXY protocol version 1 PP1 header with an 'UNKNOWN' protocol token. Despite the specification requiring these address fields to b...
kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...
kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...
Improper Request Routing
http-proxy-middleware is vulnerable to improper request routing. The vulnerability is due to unanchored substring matching in the host+path router selector logic, where configured host+path entries are matched against attacker-controlled request metadata using partial string comparisons instead o...
SUSE CVE-2026-55203
HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...
CVE-2026-48772
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...
EUVD-2026-37760
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse...
GHSA-HM92-R4W5-C3MJ undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
Impact When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fixed an invalid unregistererrorpath path. The error path of seg6init is incorrect when the CONFIGIPV6SEG6LWTUNNEL configuration option is not defined. In such cases, if seg6hmacinit fails, the genlunregisterfamily...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed soft lockups in fib6selectpath under high next hop changes. Soft lockups were observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the bird service, these routers continuous...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Net: Marvell: Pestera: Fixed handling of IPv4 routes with nhid. Fixed the handling of IPv4 routes that reference a nexthop via its id by replacing calls to fibinfonh with fibinfonhc. When attempting to add an IPv4 route that...
EUVD-2026-37905
HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...
CVE-2026-55203
HAProxy