Tag

Proxy

10 briefs RSS

CVE-2026-55203 HAProxy Integer Overflow in FastCGI Handling

An integer overflow vulnerability (CVE-2026-55203) in HAProxy through version 3.4.0 allows malicious FastCGI backends to desynchronize the FCGI framing parser, leading to request routing errors, response smuggling, or memory safety issues.

HAProxy vulnerability fastcgi integer-overflow webserver proxy

2r 3t 2d ago

high threat

Heimdall Proxy Forwarded Header Injection via Unsanitized Host Header

1 rule 1 TTP

Attackers can exploit Heimdall proxy versions <= 0.17.16 operating in proxy mode by injecting malicious values into the `Host` HTTP header, leading to the construction of a manipulated `Forwarded` header that can spoof client IP addresses for upstream services, potentially bypassing IP-based access controls.

exploited Heimdall header-injection proxy access-control-bypass ip-spoofing vulnerability web

1r 1t 2d ago

medium advisory

Squid Vulnerability Allows Security Bypass and Information Disclosure

2 rules 2 TTPs

A remote, anonymous attacker can exploit a vulnerability in Squid to bypass security precautions and disclose information, potentially leading to unauthorized access or data leakage.

Squid defense-evasion discovery proxy

2r 2t May 20, 2026

high advisory

Caddy Defender Client IP Bypass Vulnerability (CVE-2026-46415)

2 rules 1 TTP

Caddy Defender versions before v0.10.1 are vulnerable to a client IP bypass (CVE-2026-46415) when deployed behind a trusted proxy, allowing blocked clients to bypass Defender's IP-based restrictions.

caddy-defender cve defender proxy bypass ghsa

2r 1t May 19, 2026

medium advisory

CVE-2026-7168 Cross-Proxy Digest Authentication State Leak

2 rules 1 CVE

Microsoft published information regarding CVE-2026-7168, a cross-proxy Digest authentication state leak.

authentication state-leak proxy cve

2r 1c May 19, 2026

medium advisory

Goobi Viewer Unauthenticated Solr Streaming Expression Proxy Vulnerability

2 rules 1 TTP

The Goobi viewer REST endpoint accepted an arbitrary Solr streaming expression from unauthenticated network clients, enabling attackers to read, modify, or delete the complete Solr index; this was resolved by removing the affected API endpoint.

Goobi viewer solr proxy unauthenticated CVE-2026-45083 critical

2r 1t May 13, 2026

medium advisory

Potential Protocol Tunneling via Cloudflared

2 rules 2 TTPs 1 IOC

Adversaries may abuse Cloudflare Tunnel (cloudflared) on Windows systems to proxy command and control traffic or exfiltrate data through Cloudflare's edge, evading direct connection blocking.

M365 Defender +1 cloudflare tunneling command and control proxy

2r 2t 1i May 5, 2026

high advisory

Mirax RAT Targeting Android Users in Europe

2 rules 4 TTPs

Mirax RAT, a new Android RAT distributed as MaaS, is targeting European users by turning infected devices into residential proxy nodes and enabling credential theft via overlay and notification injection.

android rat mirax malware-as-a-service proxy

2r 4t Apr 16, 2026

medium advisory

Potential Protocol Tunneling via Yuze

2 rules 3 TTPs

This alert detects potential protocol tunneling activity via the execution of Yuze, a lightweight open-source tunneling tool often used by threat actors for intranet penetration via forward and reverse SOCKS5 proxy tunneling.

Defender XDR +2 command-and-control tunneling yuze proxy

2r 3t Jan 2, 2024

high advisory

Okta User Session Start via Anonymizing Proxy Service

2 rules 1 TTP

Detection of Okta user sessions initiated through anonymizing proxy services, potentially indicating malicious activity or attempts to evade security controls.

Okta identity proxy defense-evasion

2r 1t Jan 2, 2024