CVE-2025-4366 – Pingora Pingora-proxy Request Smuggling Vulnerability

May 22, 2025

CVE ID : CVE-2025-4366

Published : May 22, 2025, 4:15 p.m. | 31 minutes ago

Description : A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.

Fixed in: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff

Impact: The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5081 – Campcodes Cybercafe Management System SQL Injection Vulnerability

Next Article CVE-2025-45468 – FC Stable Diffusion Plus Privilege Escalation Vulnerability

Highlights

CVE-2025-1975 – Ollama Server Array Index Access Denial of Service Vulnerability

May 16, 2025

CVE ID : CVE-2025-1975

Published : May 16, 2025, 9:15 a.m. | 3 hours, 7 minutes ago

Description : A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Xbox Game Pass gets Gears of War: Reloaded, Dragon Age: The Veilguard, and more — here’s what is coming through the rest of August

Resident Evil ‘9’ Requiem has some of the most incredible lighting I’ve seen in a game — and Capcom uses it as a weapon

CVE-2025-4366 – Pingora Pingora-proxy Request Smuggling Vulnerability

Blue Locker ransomware hits critical infrastructure – is your organisation ready?

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Simple to do app with ng-repeat

CVE-2025-52584 – Ashlar-Vellum Cobalt Heap-Based Buffer Overflow Vulnerability

CVE-2025-48367 – Redis Denial of Service Vulnerability

Pompelmi – File-upload malware scanning for Node.js

CVE-2025-1975 – Ollama Server Array Index Access Denial of Service Vulnerability

CodeSOD: A Dropped Down DataSet

Grow A Garden Calculator

CVE-2025-45487 – Linksys E5600 Command Injection Vulnerability

CVE-2025-4366 – Pingora Pingora-proxy Request Smuggling Vulnerability

Related Posts