Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
proxy vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-23596
jc21 NGINX Proxy Manager up to and including 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, ...
Jc21 Nginx Proxy Manager
2.1
CVSSv2
CVE-2018-1000150
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.
Jenkins Reverse Proxy Auth
4.9
CVSSv2
CVE-2021-41130
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo"...
Google Extensible Service Proxy
3.5
CVSSv2
CVE-2022-28379
jc21.com Nginx Proxy Manager prior to 2.9.17 allows XSS during item deletion.
Nginxproxymanager Nginx Proxy Manager
3.6
CVSSv2
CVE-2021-3456
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local malicious user to access and delete limited resources ...
Theforeman Smart Proxy Salt
NA
CVE-2022-37153
An issue exists in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.
Articatech Artica Proxy 4.30.000000
1 Github repository
NA
CVE-2023-32987
A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and previous versions allows malicious users to connect to an attacker-specified LDAP server using attacker-specified credentials.
Jenkins Reverse Proxy Auth
5.5
CVSSv2
CVE-2021-40680
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi.
Articatech Web Proxy 4.30.000000
5.5
CVSSv2
CVE-2022-21697
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy before 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affe...
Jupyter Jupyter Server Proxy
NA
CVE-2023-32111
In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of th...
Sap Powerdesigner Proxy 16.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »