5 matches found
CVE-2026-12566
The CVE describes a vulnerability in the docker_pull module where the realm parameter from a Docker registry’s WWW-Authenticate header is used as the authentication endpoint without validation. This enables a man-in-the-middle between bb ot and a Docker registry to alter the header and redirect t...
CVE-2026-32695
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative rules.hosts was...
PT-2025-40795
Name of the Vulnerable Software and Affected Versions Zytec Dalian Zhuoyun Technology Central Authentication Service version 3 Description A security issue exists in Zytec Dalian Zhuoyun Technology Central Authentication Service version 3 related to the HTTP Header Handler component. The issue...
xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...
EC-CUBE 安全漏洞
Ec-cube is an open source e-commerce system from the Japanese company Ec-cube. A security vulnerability exists in EC-CUBE due to the application improperly handling HTTP Host header values. A remote attacker could exploit this vulnerability to send an email with a forged redistribution password U...