Lucene search
K

211 matches found

OSV
OSV
added 2026/04/16 11:45 p.m.2 views

BIT-OAUTH2-PROXY-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References3
NVD
NVD
added 2026/04/14 11:16 p.m.3 views

CVE-2026-34457

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS0.00475EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 10:31 p.m.10 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the isHealthCheckRequest function in pkg/middleware/healthcheck.go. An attacker can reach protected endpoints by sending a request with a configured health-check User-Agent, causing the middleware to treat the...

9.3CVSS5.7AI score0.00475EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 10:31 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the isHealthCheckRequest function in pkg/middleware/healthcheck.go. An attacker can reach protected endpoints by sending a request with a configured health-check User-Agent, causing the middleware to treat the...

9.3CVSS5.7AI score0.00475EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 10:31 p.m.5 views

EUVD-2026-22761

OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in authrequest Mode...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 10:31 p.m.14 views

OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: - OAuth2 Proxy is used with an authrequest-style integration for example, nginx authrequest - --ping-user-agent is set or --gcp-healthchecks is enabled In...

9.1CVSS5.9AI score0.00475EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/14 10:14 p.m.2 views

CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 10:14 p.m.3 views

CVE-2026-34457

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/14 10:14 p.m.18 views

CVE-2026-34457

CVE-2026-34457 affects OAuth2 Proxy prior to 7.15.2. In deployments using an auth_request-style integration (e.g., nginx auth_request) with either --ping-user-agent or --gcp-healthchecks enabled, any request bearing the configured health-check User-Agent is treated as authenticated, bypassing log...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/14 10:14 p.m.19 views

CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS0.00475EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32955

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variab...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References15
OSV
OSV
added 2026/04/10 8:59 p.m.3 views

GHSA-75HX-XJ24-MQRW n8n-mcp has unauthenticated session termination and information disclosure in HTTP transport

Summary Several HTTP transport endpoints in n8n-mcp lacked proper authentication, and the health check endpoint exposed sensitive operational metadata without credentials. Impact An unauthenticated attacker with network access to the n8n-mcp HTTP server could disrupt active MCP sessions and gathe...

8.2CVSS5.7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/10 8:59 p.m.6 views

n8n-mcp has unauthenticated session termination and information disclosure in HTTP transport

Summary Several HTTP transport endpoints in n8n-mcp lacked proper authentication, and the health check endpoint exposed sensitive operational metadata without credentials. Impact An unauthenticated attacker with network access to the n8n-mcp HTTP server could disrupt active MCP sessions and gathe...

5.7AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/08 7:21 p.m.4 views

GHSA-F292-66H9-FPMF PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server

The A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The createa2uroutes function registers the following endpoints with NO authentication checks: - GET /a2u/info —...

7.5CVSS5.8AI score0.00425EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/04 6:13 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the health check resolver process. An attacker can exhaust system resources, leading...

8.7CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/04/04 6:13 a.m.2 views

GHSA-6Q22-G298-GRJH Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver

Summary The GraphQL specification permits a single query to repeat the same field multiple times using aliases, with each alias resolved independently by default. Directus did not deduplicate resolver invocations within a single request, meaning each alias triggered a full, independent execution ...

7.5CVSS6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/04 6:13 a.m.12 views

Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver

Summary The GraphQL specification permits a single query to repeat the same field multiple times using aliases, with each alias resolved independently by default. Directus did not deduplicate resolver invocations within a single request, meaning each alias triggered a full, independent execution ...

6AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.5 views

CVE-2026-4989

Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery SSRF, potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 6:36 p.m.4 views

EUVD-2026-17929

Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery SSRF, potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 4:23 p.m.5 views

CVE-2026-4989

Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery SSRF, potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...

4.3CVSS0.00162EPSS
Exploits0References1
Rows per page
Query Builder