335 matches found

Github Security Blog
added 5 days ago, 7 views

guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext

Impact: The built-in cURL handlers GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available, accept an https:// proxy — a proxy reached over a TLS-encrypted connection — through the proxy request option, client-level proxy...

5.9 CVSS, 5.9 AI score
Exploits: 0, References: 2, Affected Software: 1
Friends Of PHP
added 6 days ago, 6 views

Silent HTTPS proxy downgrade to cleartext

Impact: The built-in cURL handlers GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available, accept an https:// proxy — a proxy reached over a TLS-encrypted connection — through the proxy request option, client-level proxy...

5.9 CVSS, 5.9 AI score
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2026/05/11 12:0 a.m., 6 views

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017535)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017535 advisory. curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets...

4.3 CVSS, 6.7 AI score, 0.03141 EPSS
Exploits: 1, References: 4
IBM Security Bulletins
added 2026/05/01 7:38 a.m., 4 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to denial-of-service due to Jetty

Summary: A security vulnerability in Jetty's ThreadLimitHandler.getRemote can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. IBM Sterling Secure Proxy...

6.5 CVSS, 6.7 AI score, 0.01037 EPSS
Exploits: 1, Affected Software: 1
Fedora
added 2026/04/25 1:56 a.m., 3 views

[SECURITY] Fedora 44 Update: tinyproxy-1.11.2-7.fc44

tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...

8.7 CVSS, 5.2 AI score, 0.00899 EPSS
Exploits: 1
Fedora
added 2026/04/22 11:42 a.m., 7 views

[SECURITY] Fedora 42 Update: tinyproxy-1.11.2-7.fc42

tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...

8.7 CVSS, 5.2 AI score, 0.00899 EPSS
Exploits: 1
Fedora
added 2026/04/22 7:50 a.m., 7 views

[SECURITY] Fedora 43 Update: tinyproxy-1.11.2-7.fc43

tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...

8.7 CVSS, 5.2 AI score, 0.00899 EPSS
Exploits: 1
IBM Security Bulletins
added 2026/03/09 10:10 a.m., 6 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to bypass of Trust Restrictions due to Eclipse Jersey

Summary A race condition in Eclipse Jersey can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. IBM Sterling Secure Proxy has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: I...

9.4 CVSS, 5.8 AI score, 0.00271 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2026/02/26 3:4 a.m., 10 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the...

9.8 CVSS, 6.7 AI score, 0.03026 EPSS
Exploits: 4, Affected Software: 1
GithubExploit
added 2026/02/15 5:40 p.m., 171 views

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

PAN-OS Stored XSS — Incomplete Sanitization of a Known-Bad Var...

9.8 CVSS, 5.8 AI score, 0.99698 EPSS
Exploits: 16
IBM Security Bulletins
added 2026/02/11 4:43 a.m., 8 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to denial-of-service due to IBM Java Runtime

Summary A buffer-overflow flaw in the OMR component of the OpenJ9 JVM may allow a local attacker to inflict a denial-of-service by inducing a JVM crash. IBM Sterling Secure Proxy has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port libra...

9.8 CVSS, 6 AI score, 0.00491 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2026/02/10 5:7 p.m., 15 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to uncontrolled recursion due to Apache Commons Lang.

Summary The methods ClassUtils.getClass... in Apache Commons Lang can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. IBM Sterling Secure Proxy has addressed the applicabl...

5.3 CVSS, 5.5 AI score, 0.02164 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/11/17 5:14 p.m., 6 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest fixpack. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D...

9.4 CVSS, 6 AI score, 0.01735 EPSS
Exploits: 2, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-16223

Malware in sbrugna...

6.5 CVSS, 6 AI score, 0.00833 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-6960

Malware in sbrugna...

5.3 CVSS, 5.7 AI score, 0.00378 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2013-0529

Malware in sbrugna...

4.3 CVSS, 5.5 AI score, 0.00797 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-6961

Malware in sbrugna...

6.1 CVSS, 6.5 AI score, 0.00808 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-6957

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.02115 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-16200

Malware in sbrugna...

5.3 CVSS, 5.4 AI score, 0.00808 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-16199

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.02937 EPSS
Exploits: 0, References: 4