Lucene search
+L

32 matches found

cnnvd
cnnvd
added 2026/03/09 12:0 a.m.12 views

Shannon 信任管理问题漏洞

Shannon is an open-source white-box penetration testing tool developed by KeygraphHQ. Shannon has a vulnerability related to trust management, which stems from hardcoded API keys in router configurations. This vulnerability could allow unauthenticated attackers to make proxy requests and...

7.3CVSS5.8AI score0.00243EPSS
Exploits0References4
euvd
euvd
added 2026/01/19 9:16 p.m.28 views

EUVD-2026-3280

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

9.3CVSS5.6AI score0.00445EPSS
Exploits0References4
snyk
snyk
added 2025/10/01 9:20 p.m.3 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview marimo is an A library for making reactive notebooks and apps Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the /mpl/port/ endpoint, which acts as an unauthenticated proxy. An attacker can access internal services and arbitrary...

6.9CVSS7.2AI score
Exploits0References3
osv
osv
added 2025/10/01 9:20 p.m.2 views

GHSA-XJV7-6W92-42R7 marimo vulnerable to proxy abuse of /mpl/{port}/

Summary The /mpl// endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports. Details From our understanding, this route is used internally to provide access to interactive matplotlib...

6.9CVSS7.5AI score
Exploits0References5
github
github
added 2025/10/01 9:20 p.m.15 views

marimo vulnerable to proxy abuse of /mpl/{port}/

Summary The /mpl// endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports. Details From our understanding, this route is used internally to provide access to interactive matplotlib...

7.7AI score
Exploits0References5Affected Software1
cnnvd
cnnvd
added 2024/08/12 12:0 a.m.5 views

openHAB 安全漏洞

openHAB is an open source home automation application from openHAB. A security vulnerability exists in versions prior to openHAB 4.2.1 that stems from a proxy endpoint that allows access to add-ons without authentication, which can be used as a server request forgery to induce GET HTTP requests t...

10CVSS5.9AI score0.01035EPSS
Exploits0References4
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.167 views

Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. 1. Use a proxy such as BurpSuite to add the following header to all requests: X-Forwarded-For: 11.11.11.11 2. Create a gallery...

6.1CVSS6.1AI score0.00501EPSS
Exploits2References1
osv
osv
added 2021/08/02 11:15 a.m.4 views

CVE-2021-24472

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF Server...

9.8CVSS5.8AI score0.56614EPSS
Exploits2References1
packetstorm
packetstorm
added 2021/04/22 12:0 a.m.435 views

Packed.Win32.Black.d Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/17e3836682ffb0913459ece7c3f0786d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Packed.Win32.Black.d Vulnerability: Unauthenticated Open Proxy Description: The malware listens on T...

0.2AI score
Exploits0
nvd
nvd
added 2017/09/03 7:29 p.m.20 views

CVE-2017-14117

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01...

5.9CVSS6AI score0.08024EPSS
Exploits1References3
osv
osv
added 2017/09/03 7:29 p.m.3 views

CVE-2017-14117

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01...

5.9CVSS5.9AI score0.08024EPSS
Exploits1References3
cvelist
cvelist
added 2017/09/03 7:0 p.m.22 views

CVE-2017-14117

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01...

6.7AI score0.08024EPSS
Exploits1References3
Rows per page
Query Builder