Lucene search
K

124 matches found

SUSE CVE
SUSE CVE
added 2026/07/07 3:21 p.m.8 views

SUSE CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS6AI score0.00476EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
OSV
OSV
added 2026/06/25 5:17 p.m.3 views

DEBIAN-CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 2:20 p.m.11 views

EUVD-2026-37760

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse...

7.5CVSS6.4AI score0.00358EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/19 2:20 p.m.11 views

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...

8.8CVSS6.4AI score0.00358EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-6734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the...

8.8CVSS6.7AI score0.00358EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/17 6:21 p.m.8 views

Origin Validation Error

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...

8.8CVSS6.4AI score0.00358EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 6:18 p.m.18 views

CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS0.00476EPSS
Exploits0References14
NVD
NVD
added 2026/06/17 6:18 p.m.13 views

CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS0.00358EPSS
Exploits0References14
OSV
OSV
added 2026/06/17 6:18 p.m.4 views

UBUNTU-CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS6.4AI score0.00358EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/17 4:36 p.m.8 views

CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS5.9AI score0.00358EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/17 4:36 p.m.30 views

CVE-2026-6734 undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

7.5CVSS0.00358EPSS
Exploits0References2
OSV
OSV
added 2026/05/25 2:0 p.m.15 views

EEF-CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney

Summary Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney\socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form...

8.2CVSS6AI score0.00703EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.75 views

📄 Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure

Bichon version 1.0.2 suffers from a SOCKS5 proxy topology disclosure vulnerability via /list-proxy. Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure via /list-proxy ============================================================= Vendor: rustmailer Product: Bichon - self-hosted email archiving server...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Heap-based Buffer Overflow (CVE-2023-38545)

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes. If the hostname ...

9.8CVSS7.1AI score0.78483EPSS
Exploits6References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-2465

Malware in sbrugna...

5CVSS9.3AI score0.01991EPSS
Exploits0References21
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-23192

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00541EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-32624

Malicious code in bioql PyPI...

7.8CVSS8.1AI score0.00381EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/10/02 1:7 p.m.9 views

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Cybersecurity researchers have flagged a malicious package on the Python Package Index PyPI repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive...

6.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/30 12:0 a.m.12 views

PT-2025-31441 · Vproxy · Vproxy

Name of the Vulnerable Software and Affected Versions: vproxy versions 2.3.3 and below Description: vproxy is an HTTP/HTTPS/SOCKS5 proxy server. Untrusted data from the user-controlled HTTP Proxy-Authorization header is passed to Extension::try from and then to parse ttl extension where it is...

7.5CVSS6.3AI score0.00541EPSS
Exploits0References10
Rows per page
Query Builder