Browse and filter security vulnerabilities across ecosystems
Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .NET Remoting
Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource
Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`
OliveTin: RestartAction always runs actions as guest
Coturn: IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACL
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the...
Improper Validation in Conduit-derived homeservers resulting in Unintended Proxy or Intermediary ('Confused Deputy')
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
Nuvation Energy nCloud Client-to-Client Communication
Nuvation Energy Multi-Stack Controller Proxy service allows arbitrary BMS access
Gitea before 1
Conduit-derived homeservers are affected by a Confused Deputy and Improper Input Validation issue
Insights-runtimes-tech-preview/runtimes-inventory-rhel8-operator: improper proxy configuration allows unauthorized administrative commands
fastify-reply-from bypass of reply forwarding
Rack has Possible Information Disclosure Vulnerability
kro (Kube Resource Orchestrator) 0
code-server session cookie can be extracted by having user visit specially crafted proxy URL
Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unaut...
Showing 1 - 20 of 1,000+ results