70 matches found
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection in the newInitialMessage function of HttpProxyHandler when header validation is explicitly disabled and user-influenced outboundHeaders are added without sanitization. An attacker can inject arbitrary HTTP headers into...
Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix
Description A vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly account for URL-encoded characters, specifically dots %2e%2e. This allows an attacker to bypass security filters by injecting encoded path...
CVE-2026-39858 Traefik: Forwarded alias spoofing top pre-auth decision bypass
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...
EUVD-2026-26427
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...
PT-2026-36178
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.43 Traefik versions prior to 3.6.14 Traefik versions prior to 3.7.0-rc.2 Description An authentication bypass exists in the ForwardAuth and snippet-based authentication middleware. The forwarded-header sanitizati...
HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization
If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16...
CVE-2026-33397
The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...
CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass
The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...
EUVD-2026-9379
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
CVE-2026-27443
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
CVE-2026-27443 S/MIME Decryption Tag Sanitization Bypass
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
CVE-2026-27443
CVE-2026-27443 affects SEPPmail Secure Email Gateway prior to version 15.0.1. The issue is that headers from S/MIME protected MIME entities are not properly sanitized, enabling an attacker to control trusted headers. According to the connected CVE record, the vulnerability is exploitable over net...
CVE-2026-27443 S/MIME Decryption Tag Sanitization Bypass
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
PT-2026-22889
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
Open Redirect
Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Open Redirect via the internal URL processing logic when handling the X-Forwarded-Prefix header. An attacker can cause users to be redirected to arbitrary external domains b...
CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix
The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...
CVE-2026-27738
CVE-2026-27738 describes an open redirect in Angular SSR’s internal URL processing. In affected Angular SSR versions on the 19.x branch prior to 19.2.21, 20.x prior to 20.3.17, and 21.x prior to 21.1.5 and 21.2.0-rc.1, the logic that normalizes URL segments by stripping a single leading slash can...
CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix
The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...
CVE-2026-24489
Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF Carriage Return Line Feed sequences in user-supplied header values and names. When making HTTP...
CVE-2026-24489
Gakido is a Python HTTP client vulnerable to HTTP header injection (CRLF/NULL) in versions prior to 0.1.1. The vulnerability arises from user-controlled header names/values not being sanitized, allowing an attacker to inject arbitrary headers into requests. The fix added in 0.1.1 provides a dedic...