5290 matches found
EUVD-2026-44684
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...
CVE-2026-48125
A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...
CVE-2026-47423
A flaw was found in DOMPurify, a DOM-only cross-site scripting XSS sanitizer. Due to the default allowance of selectedcontent, a remote attacker could craft a malicious payload that, after initial sanitization, could be re-cloned by browsers, leading to the execution of unsanitized markup. This...
CVE-2026-14646
Nexus Repository 3 did not apply its existing Server-Side Request Forgery SSRF protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymo...
CVE-2026-14646 Nexus Repository 3 - Server-Side Request Forgery (SSRF) via HTTP Redirect
Nexus Repository 3 did not apply its existing Server-Side Request Forgery SSRF protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymo...
CVE-2026-14646
Nexus Repository 3 contains an SSRF issue where existing SSRF protections are not applied to HTTP redirect targets from proxy upstreams. If a user with read access to a proxy repo backed by an attacker-controlled or compromised upstream server — including anonymous users when enabled — requests c...
MAL-2026-10489 Malicious code in permcserver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf9fcdfd2e40ddb8c0aef4fa0fb93f2d0bcf3b0c00104057076f8013a70812d6 The package's main index.js is a 10-line FFI shim that spawns a worker, dlopens the bundled lib-linux.so via koffi, and immediately invokes the nativ...
kernel security, bug fix, and enhancement update
4.18.0-553.141.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
CVE-2026-55233
OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...
CVE-2026-55233
OpenResty vulnerable versions: 1.29.2.1–1.29.2.4. A PROXY protocol v2 header construction in the stream patch can cause an out-of-bounds write, crashing the worker and causing a denial of service. This affects only configurations that enable PROXY protocol v2 for upstream connections. The issue i...
CVE-2026-55233 OpenResty: Buffer overflow when writing PROXY protocol v2 header to upstream
OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...
undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding
A flaw was found in undici. The cookie parser in the parseSetCookie function incorrectly decodes cookie values, which is contrary to standard specifications. This vulnerability allows an attacker-controlled upstream to inject arbitrary HTTP response headers, such as Set-Cookie, Location, or...
CVE-2026-55638
9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...
CVE-2026-56675 9router: Reverse proxy locality collapse allows unauthenticated access to 9router /v1 APIs
9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/ access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as...
CVE-2026-55638
9router prior to version 0.5.2 exposed an unauthenticated access path via /codex that bypassed the API-key gate due to an incomplete rewrite handling. An attacker could send requests to /codex/* and trigger upstream provider calls using operator-stored LLM provider credentials. The vulnerability ...
CVE-2026-55638 9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass
9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...
CVE-2026-55641
9router (affected component: /v1 LLM proxy logic) had an unauthenticated bypass due to client-controlled Host header processing before version 0.5.2. This allowed a remote attacker to craft Host: localhost to bypass API-key checks, potentially enabling upstream provider calls with stored credenti...
Improper Certificate Validation
Coder is vulnerable to Improper Certificate Validation. The vulnerability is due to the AI Bridge Proxy aibridgeproxyd creating a default HTTPS transport with InsecureSkipVerify enabled when no upstream proxy is configured, which allows an on-path man-in-the-middle attacker to present a forged TL...
EUVD-2026-42721
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...
Coder 2.30.x < 2.32.7 / 2.33.x < 2.33.8 / 2.34.x < 2.34.2 AI Bridge Proxy TLS Verification Bypass
The version of Coder installed on the remote host is 2.30.x prior to 2.32.7, 2.33.x prior to 2.33.8, or 2.34.x prior to 2.34.2. It is, therefore, affected by a vulnerability. The AI Bridge Proxy skips TLS certificate verification in the default configuration. The proxy created a goproxy server...