Lucene search
K

91 matches found

ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-54764

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS6AI score
Exploits0References4Affected Software1
CVE
CVE
added yesterday14 views

CVE-2026-54764

Summary of CVE-2026-54764 : Traefik’s ForwardAuth middleware can leak spoofed port information due to incorrect header handling when trustForwardHeader is false. Before fixes, the middleware derived X-Forwarded-Port from the original incoming request rather than the sanitized forwarded request, a...

6.9CVSS6AI score
Exploits0References3
Snyk
Snyk
added 4 days ago5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the handling of the forwarded-proto header when generating public URLs. An attacker can cause the application to generate spoofed canonical URLs by injecting or manipulating the forwarded-proto header value...

7.5CVSS6AI score0.00166EPSS
Exploits0References2
CVE
CVE
added 4 days ago7 views

CVE-2026-27779

Gitea up to version 1.25.4 is affected by a vulnerability in forwarded-proto handling when generating public URLs, allowing spoofed canonical URLs via malformed or injected forwarded-proto values. The issue is documented across multiple sources (NVD/NVD CVE entry and Snyk). Affected area: the Git...

7.5CVSS5.9AI score0.00166EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Tomcat9

When using RemoteIpFilter with requests received from a reverse proxy via HTTP that includes the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71, and 8.5.0 to 8.5.85 did not include the secure...

4.3CVSS6.8AI score0.01831EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-40594

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8CVSS5.5AI score0.00171EPSS
Exploits1References1
NVD
NVD
added 2026/04/21 6:16 p.m.8 views

CVE-2026-40594

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8CVSS0.00171EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/21 5:14 p.m.30 views

CVE-2026-40594 pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8CVSS0.00171EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/21 5:14 p.m.5 views

CVE-2026-40594 pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8CVSS5.8AI score0.00171EPSS
Exploits1References1
CVE
CVE
added 2026/04/21 5:14 p.m.26 views

CVE-2026-40594

CVE-2026-40594 affects pyLoad: the set_session_cookie_secure before_request in pyload/webui/app/init .py reads X-Forwarded-Proto without origin validation and mutates the global Flask SESSION_COOKIE_SECURE on every request. With Cheroot’s multi-threaded server (request_queue_size=512), this creat...

4.8CVSS5.8AI score0.00171EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/04/16 1:20 a.m.4 views

Origin Validation Error

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Origin Validation Error via the setsessioncookiesecure function. An attacker can cause session cookies to be issued without the Secure flag or disrupt user...

6.3CVSS5.4AI score0.00171EPSS
Exploits1References2
OSV
OSV
added 2026/04/16 1:20 a.m.6 views

GHSA-MP82-FMJ6-F22V pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

Summary The setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted proxy, then mutates the global Flask configuration SESSIONCOOKIESECURE on every request...

4.8CVSS5.8AI score0.00171EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.4 views

SUSE CVE-2026-33495

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...

6.5CVSS5.9AI score0.00233EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.11 views

CVE-2026-33495

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...

6.5CVSS5.9AI score0.00233EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 6:16 p.m.6 views

CVE-2026-33495

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...

6.5CVSS0.00233EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 5:26 p.m.5 views

CVE-2026-33495

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...

6.5CVSS5.8AI score0.00233EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/26 5:26 p.m.24 views

CVE-2026-33495 Ory Oathkeeper has an authentication bypass by usage of untrusted header

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...

6.5CVSS0.00233EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.7 views

Ory Oathkeeper 安全漏洞

Ory Oathkeeper is an access control decision-making software developed by Ory OpenSource. Versions of Ory Oathkeeper prior to 26.2.0 contained security vulnerabilities. These vulnerabilities stemmed from incorrect configuration settings, where the header X-Forwarded-Proto was trusted indefinitely...

6.5CVSS6.4AI score0.00233EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/25 7:32 p.m.5 views

fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections

Summary When trustProxy is configured with a restrictive trust function e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including...

6.1CVSS5.8AI score0.0012EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/23 5:10 p.m.4 views

CVE-2026-3635

A flaw was found in fastify. When the trustProxy option is configured with a restrictive trust function, such as a specific IP, a subnet, a hop count or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection,...

6.1CVSS5.6AI score0.0012EPSS
Exploits0References5
Rows per page
Query Builder