Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-441

CWE-441

Unintended Proxy or Intermediary ('Confused Deputy')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

92 vulnerabilities with CWE-441

CVE-2026-27624 HIGH

coturn < 4.9.0 - Improper Access Control via IPv4-Mapped IPv6 Bypass

CVE-2026-24471 CRITICAL

Continuwuity and Conduit Matrix Homeservers - Arbitrary Event Signing

CVE-2026-24470 HIGH

Skipper <0.24.0 - Privilege Escalation

CVE-2025-48570 HIGH

Android 14 PipTaskOrganizer - Background Activity Launch Privilege Escalation

CVE-2025-62718 CRITICAL

Axios <1.15.0 and <0.31.0 NO_PROXY - Server-Side Request Forgery

CVE-2025-48646 HIGH

ActivityStarter.java - Privilege Escalation

CVE-2025-48579 HIGH

MediaProvider.java - Privilege Escalation

CVE-2025-64125 CRITICAL

Nuvation Energy nCloud VPN Service - Info Disclosure

CVE-2025-64123 CRITICAL

Nuvation Energy Multi-Stack Controller <=2.5.1 - Network Boundary Bridging

CVE-2025-68944 MEDIUM

Gitea < 1.22.2 - Unintended Proxy or Intermediary via Token Scope Mishandling

CVE-2025-68667 CRITICAL

Conduit Matrix Homeservers - Forged Membership Event Signing

CVE-2025-11393 HIGH

Runtimes-Inventory-Rhel8-Operator - Privilege Escalation

CVE-2025-36889 MEDIUM

Android - Local Information Disclosure via CameraActivity Confused Deputy

CVE-2025-48628 HIGH

PrintManagerService - Privilege Escalation

CVE-2025-48598 MEDIUM

Face Unlock Settings - Privilege Escalation

CVE-2025-48586 HIGH

EditFdnContactScreen - Info Disclosure

CVE-2025-48555 HIGH

NotificationStation - Info Disclosure

CVE-2025-48536 HIGH

SettingsSliceProvider - Privilege Escalation

CVE-2025-22420 HIGH

Multiple Locations - Info Disclosure

CVE-2025-66415 MEDIUM

fastify/reply-from < 12.5.0 - Unintended Proxy Access via Malicious URL

CVE-2025-61780 MEDIUM

Rack < 2.2.20 - Proxy Request Redirection via Untrusted x-sendfile Headers

CVE-2025-32320 HIGH

Android System UI - Unintended Proxy or Intermediary

CVE-2025-32317 MEDIUM

Android - Information Disclosure via App Widget Confused Deputy

CVE-2025-48560 MEDIUM

AndroidManifest.xml - Info Disclosure

CVE-2025-48551 MEDIUM

Android - Local Information Disclosure via Confused Deputy

Previous Page 2 of 4 Next

Details

Vulnerabilities 92

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy