CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

181 matches found

CVE-2026-54665 Apache NiFi: Missing Validation for Proxy Host Headers

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS

Exploits0References1

Cvelist•added 2026/06/15 7:34 p.m.•25 views

CVE-2026-47825 Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS0.00186EPSS

Exploits0References1

Snyk•added 2026/06/11 12:0 a.m.•3 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source. Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded request headers it receives from untrusted proxies to downstream services. Both the WebFlux and WebMVC Gateway Servers process these...

8.6CVSS5.4AI score0.00186EPSS

Exploits0References2

Snyk•added 2026/06/11 12:0 a.m.•5 views

Use of Less Trusted Source

8.6CVSS5.4AI score0.00186EPSS

Exploits0References2

Veracode•added 2026/05/14 5:21 p.m.•10 views

Authentication Bypass

github.com/traefik/traefik is vulnerable to an authentication bypass. The vulnerability is due to improper sanitization of forwarded header alias variants using underscores instead of dashes, which allows an attacker to inject spoofed trusted headers and bypass authentication on protected routes...

10CVSS5.8AI score0.00515EPSS

Exploits1References5Affected Software1

Github Security Blog•added 2026/05/14 1:18 p.m.•12 views

Fleet: IP spoofing allows bypassing API rate limiting

Summary A vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances exposed to the public internet. Impact Fleet extracted client IP...

7.5CVSS5.8AI score0.00276EPSS

Exploits0References4Affected Software1

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on the client-side Connection header hop-by-hop mechanism. This could be used to bypass IP-based authentication on the origin server/application...

9.8CVSS8AI score0.0314EPSS

Exploits1References2

Snyk•added 2026/04/24 4:32 p.m.•3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the ServeHTTP function, which does not sufficiently sanitize X- alias headers. An attacker can gain unauthenticated access to protected endpoints by injecting spoofed trust context with...

10CVSS5.5AI score0.00515EPSS

Exploits1References2

Snyk•added 2026/04/24 4:32 p.m.•4 views

Missing Authentication for Critical Function

10CVSS5.5AI score0.00515EPSS

Exploits1References2

Snyk•added 2026/04/24 4:32 p.m.•2 views

Missing Authentication for Critical Function

10CVSS5.5AI score0.00515EPSS

Exploits1References2

Veracode•added 2026/04/08 3:42 p.m.•4 views

Improper Input Validation

OAuth2-Proxy is vulnerable to improper input validation. The vulnerability is due to inconsistent normalization of underscores and dashes in X-Forwarded- headers, which allows an attacker to inject crafted header variants to bypass proxy filtering and potentially escalate privileges in upstream...

8.5CVSS5.8AI score0.00611EPSS

Exploits0References7Affected Software2

SUSE CVE•added 2026/03/28 12:25 a.m.•3 views

SUSE CVE-2026-33495

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...

6.5CVSS5.9AI score0.00233EPSS

Exploits0References3

RedhatCVE•added 2026/03/27 10:51 p.m.•8 views

CVE-2026-33495

6.5CVSS5.9AI score0.00233EPSS

Exploits0References1

Vulnrichment•added 2026/03/26 8:42 p.m.•1 views

CVE-2026-33621 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

4.8CVSS5.8AI score0.00308EPSS

Exploits1References3

Cvelist•added 2026/03/26 8:42 p.m.•24 views

CVE-2026-33621 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

4.8CVSS0.00308EPSS

Exploits1References3

ATTACKERKB•added 2026/03/26 5:26 p.m.•2 views

CVE-2026-33495

6.5CVSS5.8AI score0.00233EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/03/26 5:26 p.m.•1 views

CVE-2026-33495 Ory Oathkeeper has an authentication bypass by usage of untrusted header

6.5CVSS5.8AI score0.00233EPSS

Exploits0References2

CVE•added 2026/03/26 5:26 p.m.•11 views

CVE-2026-33495

CVE-2026-33495 affects ORY Oathkeeper. Prior to version 26.2.0, Oathkeeper could incorrectly trust the X-Forwarded-* headers when evaluating access rules, due to the serve.proxy.trust_forwarded_headers setting being ignored. This could allow an attacker with distinct HTTP/HTTPS rules to trigger t...

6.5CVSS5.8AI score0.00233EPSS

Exploits0References2Affected Software1