16 matches found

Github Security Blog
added 2026/04/15 7:23 p.m. · 8 views

OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

Impact: An authorization bypass exists in OAuth2 Proxy as part of the email-domain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and satisfy an allowed-domain check for company.com, even though the claim is not a valid email...

CVSS 6.8 · AI score 5.8 · EPSS 0.00209
Exploits 0 · References 3 · Affected Software 1
EUVD
added 2026/04/14 6:30 p.m. · 5 views

EUVD-2026-22293

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains...

CVSS 7.7 · AI score 7.1 · EPSS 0.00464
Exploits 0 · References 8
CVE
added 2026/02/26 12:02 a.m. · 11 views

CVE-2026-27818

TerriaJS-Server (Node.js Express) has a validation bug in versions prior to 4.0.3 that allows proxying of domains not explicitly allowed in the proxyableDomains allowlist. The issue is fixed in version 4.0.3. Impact is that unapproved domains could be proxied; explicit exploit details or in‑the‑w...

CVSS 8.7 · AI score 5.4 · EPSS 0.00241
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2026/02/26 12:02 a.m. · 22 views

CVE-2026-27818 TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...

CVSS 8.7 · EPSS 0.00241
Exploits 0 · References 2
OSV
added 2026/02/09 8:35 p.m. · 5 views

GHSA-96PQ-HXPW-RGH8 Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Summary: The save_images_Asset GraphQL mutation allows a user to give a URL of an image to download. The URL must use a domain, not a raw IP. The attacker sets up a domain attacker.domain with an A record of something like 169.254.169.254 (the special AWS metadata IP). The attacker invokes save_images_Asset with url...

CVSS 5.3 · AI score 5.7 · EPSS 0.00419
Exploits 1 · References 6
Cvelist
added 2026/02/03 8:49 p.m. · 26 views

CVE-2026-24052 Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...

CVSS 7.1 · EPSS 0.00338
Exploits 0 · References 1
Vulnrichment
added 2026/02/03 8:49 p.m. · 4 views

CVE-2026-24052 Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...

CVSS 7.1 · AI score 5.4 · EPSS 0.00338
Exploits 0 · References 1
OSV
added 2026/02/03 7:15 p.m. · 2 views

GHSA-VHW5-3G5M-8GGF Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org, modelcontextprotocol.io, this could have enabled attackers to register domains like...

CVSS 7.1 · AI score 5.5 · EPSS 0.00338
Exploits 0 · References 3
Github Security Blog
added 2026/02/03 7:15 p.m. · 7 views

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org, modelcontextprotocol.io, this could have enabled attackers to register domains like...

CVSS 7.4 · AI score 5.5 · EPSS 0.00338
Exploits 0 · References 3 · Affected Software 1
NVD
added 2025/10/28 8:15 p.m. · 7 views

CVE-2025-59837

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

CVSS 7.2 · EPSS 0.0032
Exploits 1 · References 3
EUVD
added 2025/10/28 7:54 p.m. · 4 views

EUVD-2025-36542

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

CVSS 7.2 · AI score 5.8 · EPSS 0.00773
Exploits 2 · References 4
OSV
added 2025/10/28 5:45 p.m. · 4 views

GHSA-QCPR-679Q-RHM2 Astro's bypass of image proxy domain validation leads to SSRF and potential XSS

Summary This is a patch bypass of CVE-2025-58179 in commit 9ecf359. The fix blocks http://, https:// and //, but can be bypassed using backslashes \ - the endpoint still issues a server-side fetch. PoC...

CVSS 7.2 · AI score 6.8 · EPSS 0.0032
Exploits 1 · References 5
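Two of the advisories above describe the same class of mistake: deciding trust from the raw URL string instead of from the parsed hostname. Claude Code used startsWith on the trusted domain, so any registered name that merely begins with docs.python.org passes; Astro's first fix blocked the prefixes http://, https:// and //, which does not help because the WHATWG URL parser also accepts \ as a separator for http(s) URLs, so \\evil.example resolves to a foreign host. The block below is an added example, not code from either project: it reproduces both flawed checks as trustedByPrefix and allowedByBlocklist and puts resolveAndCheck beside them. TRUSTED is taken from the Claude Code advisory text; SITE, SAME_ORIGIN and every function name are assumptions made for the illustration.

```javascript
// Added example (not Claude Code's or Astro's code): the two string checks the
// advisories describe, beside a check that parses first and decides on the
// parsed hostname. TRUSTED comes from the Claude Code advisory text; SITE is an
// assumed origin for an Astro-style same-origin image proxy.
const TRUSTED = ['docs.python.org', 'modelcontextprotocol.io'];
const SITE = 'https://example-site.test/';
const SAME_ORIGIN = [new URL(SITE).hostname];

// Flaw 1 (startsWith on a trusted domain): "docs.python.org.evil.example" and
// "docs.python.org@evil.example" both start with "docs.python.org".
function trustedByPrefix(rawUrl) {
  const afterScheme = rawUrl.replace(/^https?:\/\//i, '');
  return TRUSTED.some((d) => afterScheme.startsWith(d));
}

// Flaw 2 (blocklist absolute and protocol-relative prefixes, then resolve the
// rest against the site): the WHATWG URL parser treats "\" like "/" for http(s),
// so "\\evil.example/x" is neither blocked nor same-origin once resolved.
function allowedByBlocklist(href) {
  const lower = href.toLowerCase();
  return !(lower.startsWith('http://') || lower.startsWith('https://') || lower.startsWith('//'));
}

// Hardened: compare hostnames on label boundaries, never as a raw-string prefix.
function hostnameAllowed(hostname, allowed, allowSubdomains = false) {
  const h = hostname.toLowerCase().replace(/\.$/, '');    // case-fold, drop trailing dot
  return allowed.some((d) => h === d || (allowSubdomains && h.endsWith('.' + d)));
}

// Resolve href against base exactly as the fetcher will, then check the
// resulting scheme, credentials and hostname. Policy here (assumed): https only.
function resolveAndCheck(href, base, allowed, allowSubdomains = false) {
  let url;
  try { url = new URL(href, base); } catch { return { ok: false, reason: 'unparseable' }; }
  if (url.protocol !== 'https:') return { ok: false, reason: `scheme ${url.protocol}` };
  if (url.username || url.password) return { ok: false, reason: 'credentials in URL' };
  if (!hostnameAllowed(url.hostname, allowed, allowSubdomains)) {
    return { ok: false, reason: `host ${url.hostname}` };
  }
  return { ok: true, target: url.href };   // fetch url.href, never the raw input
}
```

The fetch must then use the parsed url.href, so that the string that was checked and the string that is requested cannot diverge, and any redirect target needs the same resolveAndCheck before it is followed.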
OSV
added 2025/09/15 2:15 p.m. · 4 views

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation...

CVSS 9.8 · AI score 5.8 · EPSS 0.00611
Exploits 3 · References 1
Cvelist
added 2025/09/15 12:00 a.m. · 8 views

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation...

EPSS 0.00611
Exploits 3 · References 1
CVE
added 2025/09/15 12:00 a.m. · 24 views

CVE-2025-46408

CVE-2025-46408 affects AVTECH EagleEyes 2.0.0. The vulnerability arises in AVTECH's code paths push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient, where the code installs ALLOW_ALL_HOSTNAME_VERIFIER, bypassing hostname/domain validation during ...

CVSS 9.8 · AI score 6.6 · EPSS 0.00611
Exploits 3 · References 1 · Affected Software 1
Vulnrichment
added 2025/09/15 12:00 a.m. · 7 views

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation...

AI score 6.6 · EPSS 0.00611
Exploits 3 · References 1