Lucene search
K

5290 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-44684

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS6.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-48125

A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...

5.3CVSS6AI score0.00371EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-47423

A flaw was found in DOMPurify, a DOM-only cross-site scripting XSS sanitizer. Due to the default allowance of selectedcontent, a remote attacker could craft a malicious payload that, after initial sanitization, could be re-cloned by browsers, leading to the execution of unsanitized markup. This...

8.2CVSS6.1AI score0.00278EPSS
Exploits0References6
NVD
NVD
added 2 days ago3 views

CVE-2026-14646

Nexus Repository 3 did not apply its existing Server-Side Request Forgery SSRF protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymo...

4.9CVSS0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago23 views

CVE-2026-14646 Nexus Repository 3 - Server-Side Request Forgery (SSRF) via HTTP Redirect

Nexus Repository 3 did not apply its existing Server-Side Request Forgery SSRF protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymo...

4.9CVSS0.00265EPSS
Exploits0References2
CVE
CVE
added 2 days ago3 views

CVE-2026-14646

Nexus Repository 3 contains an SSRF issue where existing SSRF protections are not applied to HTTP redirect targets from proxy upstreams. If a user with read access to a proxy repo backed by an attacker-controlled or compromised upstream server — including anonymous users when enabled — requests c...

4.9CVSS6.1AI score0.00265EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

MAL-2026-10489 Malicious code in permcserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf9fcdfd2e40ddb8c0aef4fa0fb93f2d0bcf3b0c00104057076f8013a70812d6 The package's main index.js is a 10-line FFI shim that spawns a worker, dlopens the bundled lib-linux.so via koffi, and immediately invokes the nativ...

6.3AI score
Exploits0References4
Oracle linux
Oracle linux
added 3 days ago5 views

kernel security, bug fix, and enhancement update

4.18.0-553.141.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

7.8CVSS7AI score0.0031EPSS
Exploits0
NVD
NVD
added 6 days ago14 views

CVE-2026-55233

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...

7.5CVSS0.00343EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-55233

OpenResty vulnerable versions: 1.29.2.1–1.29.2.4. A PROXY protocol v2 header construction in the stream patch can cause an out-of-bounds write, crashing the worker and causing a denial of service. This affects only configurations that enable PROXY protocol v2 for upstream connections. The issue i...

7.5CVSS6.1AI score0.00343EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-55233 OpenResty: Buffer overflow when writing PROXY protocol v2 header to upstream

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...

7.5CVSS0.00343EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago4 views

undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

A flaw was found in undici. The cookie parser in the parseSetCookie function incorrectly decodes cookie values, which is contrary to standard specifications. This vulnerability allows an attacker-controlled upstream to inject arbitrary HTTP response headers, such as Set-Cookie, Location, or...

5.9CVSS6.1AI score0.00257EPSS
Exploits0References6
NVD
NVD
added 6 days ago7 views

CVE-2026-55638

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...

8.6CVSS0.00372EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-56675 9router: Reverse proxy locality collapse allows unauthenticated access to 9router /v1 APIs

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/ access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as...

8.3CVSS0.00315EPSS
Exploits0References3
CVE
CVE
added 6 days ago7 views

CVE-2026-55638

9router prior to version 0.5.2 exposed an unauthenticated access path via /codex that bypassed the API-key gate due to an incomplete rewrite handling. An attacker could send requests to /codex/* and trigger upstream provider calls using operator-stored LLM provider credentials. The vulnerability ...

8.6CVSS6.1AI score0.00372EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-55638 9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...

8.6CVSS0.00372EPSS
Exploits0References3
CVE
CVE
added 6 days ago9 views

CVE-2026-55641

9router (affected component: /v1 LLM proxy logic) had an unauthenticated bypass due to client-controlled Host header processing before version 0.5.2. This allowed a remote attacker to craft Host: localhost to bypass API-key checks, potentially enabling upstream provider calls with stored credenti...

8.2CVSS6.1AI score0.00246EPSS
Exploits0References3
Veracode
Veracode
added 6 days ago6 views

Improper Certificate Validation

Coder is vulnerable to Improper Certificate Validation. The vulnerability is due to the AI Bridge Proxy aibridgeproxyd creating a default HTTPS transport with InsecureSkipVerify enabled when no upstream proxy is configured, which allows an on-path man-in-the-middle attacker to present a forged TL...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References8Affected Software2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42721

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...

5.3CVSS6AI score0.00238EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 6 days ago9 views

Coder 2.30.x < 2.32.7 / 2.33.x < 2.33.8 / 2.34.x < 2.34.2 AI Bridge Proxy TLS Verification Bypass

The version of Coder installed on the remote host is 2.30.x prior to 2.32.7, 2.33.x prior to 2.33.8, or 2.34.x prior to 2.34.2. It is, therefore, affected by a vulnerability. The AI Bridge Proxy skips TLS certificate verification in the default configuration. The proxy created a goproxy server...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References2
Rows per page
Query Builder