EUVD-2026-10799
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating eac...
Envoy has RBAC Header Validation Bypass via Multi-Value Header Concatenation
Summary The Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating each header value individually, Envoy concatenates all values into a single comma-separated...
EUVD-2026-10798
Envoy has RBAC Header Validation Bypass via Multi-Value Header Concatenation...
EUVD-2026-10341
Actual Sync Server has an Authenticated Path Traversal...
Directory Traversal
Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Directory Traversal in the POST /sync/upload-user-file endpoint due to improper validation of the x-actual-file-id header. An attacker can write files outside the intended directory by...
IBM Aspera Orchestrator security vulnerability
IBM Aspera Orchestrator is a web-based application developed by IBM. It provides efficient file processing pipelines for data-driven businesses. Versions 3.0.0 to 4.1.2 of IBM Aspera Orchestrator have security vulnerabilities. These vulnerabilities stem from improper input validation of the HOST...
PT-2026-24377
Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.37.1 Envoy versions prior to 1.36.5 Envoy versions prior to 1.35.8 Envoy versions prior to 1.34.13 Description Envoy is a high-performance edge/middle/service proxy. The Envoy RBAC Role-Based Access Control filter has...
CVE-2026-3089
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside...
CVE-2026-3089 Actual Sync Server 26.2.1 - Authenticated Path Traversal
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside...
CVE-2026-3089
CVE-2026-3089 : The Actual Sync Server is vulnerable to a path-traversal via the authenticated file-upload path POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header allows traversal segments (../) to escape the intended direc...
actual security vulnerability
actual is a personal finance tool developed by Actual. Versions prior to 26.3.0 of actual contained security vulnerabilities. These vulnerabilities stemmed from improper validation of the x-actual-file-id header, which was controlled by users. This could lead to directory traversal and arbitrary...
PT-2026-27245
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.7 Description OpenClaw’s fetchWithSsrFGuard... function improperly validates headers during cross-origin redirects, allowing custom authorization headers like X-Api-Key and Private-Token to be forwarded to a...
CVE-2026-29613
OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles optional plugin webhook handler in which it authenticates requests based solely on loopback remoteAddress without validating forwarding headers, allowing bypass of configured webhook passwords. When the gateway operat...
undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to Denial Of Service DoS. The vulnerability is due to incorrect Content Length header validation, where an attacker can exploit this vulnerability to cause a denial of service...
CVE-2026-27824
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...
EUVD-2026-9057
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...