Lucene search
+L

683 matches found

nuclei
nuclei
added 9 hours ago64 views

Artica Web Proxy 4.30 - OS Command Injection

Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform. id: CVE-2020-17505 info: name: Artica Web Proxy 4.30 - OS Command Injection author: dwisiswant0...

9CVSS7.1AI score0.82165EPSS
Exploits4References5
nvd
nvd
added 2 days ago3 views

CVE-2026-49800

Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol WPAD allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00245EPSS
Exploits0References1
cve
cve
added 2 days ago5 views

CVE-2026-50480

Windows Web Proxy Auto-Discovery Protocol (WPAD) has a heap-based buffer overflow vulnerability (CVE-2026-50480) that can be exploited by an authenticated local attacker to achieve privilege escalation. The issue affects WPAD in Windows, with the root cause described as a heap-based overflow in W...

7.8CVSS6.1AI score0.00245EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2 days ago2 views

CVE-2026-49800 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score0.00245EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago22 views

CVE-2026-49800 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability

...

7.8CVSS0.00245EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2 days ago5 views

PT-2026-58455

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A heap-based buffer overflow exists in the Windows Web Proxy Auto-Discovery Protocol WPAD. This flaw allows an authorized attacker with local access to elevate their privileges on the system....

7.8CVSS6.2AI score0.00245EPSS
Exploits0References3
osv
osv
added 2026/06/30 11:16 a.m.4 views

UBUNTU-CVE-2026-13316

A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component...

4.4CVSS5.7AI score0.00105EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/25 8:38 p.m.23 views

CVE-2026-12473 OHIF Viewers DICOM Server-Side request forgery

Two data sources DICOMWebProxy and DICOMJSON shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...

8.3CVSS0.00232EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/22 7:34 a.m.47 views

CVE-2026-54665 Apache NiFi: Missing Validation for Proxy Host Headers

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS0.00268EPSS
Exploits0References1
euvd
euvd
added 2026/06/22 7:34 a.m.11 views

EUVD-2026-38216

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References1
osv
osv
added 2026/06/17 8:17 p.m.5 views

DEBIAN-CVE-2026-54387

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS5.6AI score0.00439EPSS
Exploits0References1
osv
osv
added 2026/06/16 11:43 p.m.7 views

MAL-2026-5937 Malicious code in abuden21 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4db5b16c4a10377beb73341758a26afed16a44d377dc03009601f610dd289b22 The tarball ships auto-publish.sh, which iterates a hardcoded list of 90 unrelated package names imillegal1..N, ishowfeet, nottuff, abuden,...

6.4AI score
Exploits0References4
ossf
ossf
added 2026/06/16 7:27 p.m.9 views

Malicious code in nottuff15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea629a411d1555cb4dbc80aa218539333aefce15e110ad0a5eaa16e4a58ab5f3 nottuff15 is one entry in a coordinated npm namespace-spam campaign. The tarball ships auto-publish.sh, a bash script that copies the package content...

6.1AI score
Exploits0References4
nessus
nessus
added 2026/06/10 12:0 a.m.7 views

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-2341)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in...

8.2CVSS5.6AI score0.00254EPSS
Exploits1References2
snyk
snyk
added 2026/06/04 2:19 p.m.35 views

Insertion of Sensitive Information Into Sent Data

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the setProxy function. An attacker can obtain proxy credentials by inducing a redirect from an HTTP request sent...

8.2CVSS5.4AI score0.00664EPSS
Exploits1References2
osv
osv
added 2026/06/04 2:19 p.m.6 views

GHSA-P92Q-9VQR-4J8V Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter

Summary Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected UR...

8.2CVSS5.8AI score0.00664EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.9 views

PT-2026-49120

Root has patched GHSA-6x33-pw7p-hmpq in the @rootio/http-proxy package for Root:npm. Multiple fixed versions available...

5.3AI score
Exploits0References1
redhat
redhat
added 2026/06/03 7:15 a.m.11 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References5
snyk
snyk
added 2026/06/01 9:0 p.m.13 views

Malicious Package

Overview sixseven6 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/06/01 9:0 p.m.13 views

Malicious Package

Overview nottuff10 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder