Lucene search
K

77 matches found

OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5199 HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization in github.com/hashicorp/vault

HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization in github.com/hashicorp/vault...

8.8CVSS5.8AI score0.00406EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 7:53 p.m.8 views

CVE-2026-9073 Foreman-mcp-server: mcp server: insecure sensitive http header sanitization

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.8AI score0.00152EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 5:22 p.m.8 views

GHSA-GFJ5-979R-92PW @acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

9.3CVSS5.5AI score0.00543EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/18 5:22 p.m.18 views

@acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

8.7CVSS5.5AI score0.00543EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/18 2:24 p.m.8 views

GHSA-4JGR-PG2M-M988 Heimdall: Forwarded Header Injection via Unsanitized Host Header in Proxy Mode

Summary When Heimdall operates in proxy mode, it constructs the Forwarded HTTP header after executing the matched rule pipeline by inserting the incoming request's Host header value directly into the header string without sanitizing commas or semicolons. This allows an attacker to inject addition...

7CVSS5.4AI score
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/18 12:0 a.m.40 views

@acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

8.7CVSS5.5AI score0.00543EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/07 12:11 a.m.20 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection in the newInitialMessage function of HttpProxyHandler when header validation is explicitly disabled and user-influenced outboundHeaders are added without sanitization. An attacker can inject arbitrary HTTP headers into...

7.5CVSS6.9AI score0.00952EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2026/05/06 11:42 p.m.13 views

Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

Description A vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly account for URL-encoded characters, specifically dots %2e%2e. This allows an attacker to bypass security filters by injecting encoded path...

6.9CVSS5.8AI score0.00203EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/30 8:26 p.m.9 views

EUVD-2026-26427

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

7.8CVSS5.3AI score0.00479EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/30 8:26 p.m.51 views

CVE-2026-39858 Traefik: Forwarded alias spoofing top pre-auth decision bypass

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

7.8CVSS0.00479EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-36178

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.43 Traefik versions prior to 3.6.14 Traefik versions prior to 3.7.0-rc.2 Description An authentication bypass exists in the ForwardAuth and snippet-based authentication middleware. The forwarded-header sanitizati...

10CVSS5.8AI score0.00479EPSS
Exploits1References28
Github Security Blog
Github Security Blog
added 2026/04/17 6:31 a.m.8 views

HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization

If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16...

8.8CVSS5.7AI score0.00406EPSS
Exploits0References3Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/04/17 2:58 a.m.7 views

Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization

Summary If a Vault auth mount is configured to pass through the “Authorization” header, and the “Authorization” header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. This issue, CVE-2026-4525, is fixed in Vault Community Edition 2.0.0 and Vault...

8.8CVSS7AI score0.00406EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.5 views

CVE-2026-33397

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS5.9AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 1:46 p.m.27 views

CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS0.00255EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/04 9:31 a.m.6 views

EUVD-2026-9379

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...

8.2CVSS5.9AI score0.00217EPSS
Exploits0References2
OSV
OSV
added 2026/03/04 9:15 a.m.5 views

CVE-2026-27443

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 8:45 a.m.21 views

CVE-2026-27443

CVE-2026-27443 affects SEPPmail Secure Email Gateway prior to version 15.0.1. The issue is that headers from S/MIME protected MIME entities are not properly sanitized, enabling an attacker to control trusted headers. According to the connected CVE record, the vulnerability is exploitable over net...

8.2CVSS5.9AI score0.00217EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/04 8:45 a.m.34 views

CVE-2026-27443 S/MIME Decryption Tag Sanitization Bypass

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...

8.2CVSS0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 8:45 a.m.5 views

CVE-2026-27443 S/MIME Decryption Tag Sanitization Bypass

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...

8.2CVSS5.9AI score0.00217EPSS
Exploits0References1
Rows per page
Query Builder