Lucene search

8218 matches found

Snyk
added 2026/05/04 7:26 p.m. | 6 views

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

6.9 CVSS | 5.8 AI score | 0.00445 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2026/05/04 10:13 a.m. | 4 views

CVE-2026-41174

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When the Kubernetes Custom Resource Definition (CRD) provider's allowCrossNamespace setting is false, Traefik incorrectly processes nested middleware references. An attacker with permissions to create or update Traefik CRDs in...

6.4 CVSS | 5.5 AI score | 0.00254 EPSS
Exploits: 1 | References: 8
GithubExploit
added 2026/05/04 1:17 a.m. | 69 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Frangoteam Fuxa

CVE-2025-69985: Exploit for Authentication Bypass to RCE in FUX...

9.8 CVSS | 5.8 AI score | 0.05633 EPSS
Exploits: 7
Positive Technologies
added 2026/05/04 12:0 a.m. | 6 views

PT-2026-37111

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.44; Traefik versions prior to 3.6.15; Traefik versions prior to 3.7.0-rc.3. Description: An information disclosure issue exists in the errors custom error pages middleware. When a backend returns a response matching...

6.9 CVSS | 5.8 AI score | 0.00445 EPSS
Exploits: 1 | References: 10
Positive Technologies
added 2026/05/04 12:0 a.m. | 7 views

PT-2026-37205

Name of the Vulnerable Software and Affected Versions: AzuraCast versions prior to 0.23.6. Description: The ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header without a trusted proxy allowlist. An unauthenticated attacker can exploit this by injecting...

8.8 CVSS | 5.8 AI score | 0.00476 EPSS
Exploits: 1 | References: 10
Cvelist
added 2026/04/30 8:39 p.m. | 33 views

CVE-2026-41263 Traefik: BasicAuth middleware: timing side-channel vulnerability

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...

6.3 CVSS | 0.00369 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/04/30 8:20 p.m. | 26 views

CVE-2026-41174 Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

4.8 CVSS | 0.00254 EPSS
Exploits: 1 | References: 5
ATTACKERKB
added 2026/04/30 8:20 p.m. | 2 views

CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

4.8 CVSS | 5.2 AI score | 0.00254 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
CVE
added 2026/04/30 8:20 p.m. | 48 views

CVE-2026-41174

Summary: CVE-2026-41174 affects Traefik’s Kubernetes CRD provider where cross-namespace isolation is breached for nested Chain middlewares, allowing an actor with CRD permissions in their own namespace to cause Traefik to apply middleware from another namespace. The issue occurs when providers.ku...

6.4 CVSS | 5.2 AI score | 0.00254 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/04/30 8:20 p.m. | 3 views

CVE-2026-41174 Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

4.8 CVSS | 5.7 AI score | 0.00254 EPSS
Exploits: 1 | References: 5
AlpineLinux
added 2026/04/30 8:20 p.m. | 3 views

CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

6.4 CVSS | 5.7 AI score | 0.00254 EPSS
Exploits: 1 | References: 5
EUVD
added 2026/04/30 8:20 p.m. | 6 views

EUVD-2026-26432

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

4.8 CVSS | 5.2 AI score | 0.00254 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2026/04/30 1:18 p.m. | 8 views

CVE-2026-7381

A flaw was found in Plack::Middleware::XSendfile. A remote attacker can exploit this vulnerability by manipulating HTTP headers, specifically X-Sendfile-Type and X-Accel-Mapping, when the application is deployed behind an nginx reverse proxy. This client-controlled path rewriting could allow the...

9.1 CVSS | 5.7 AI score | 0.00442 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/30 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-7381

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation...

9.1 CVSS | 5.9 AI score | 0.00442 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/04/30 12:0 a.m. | 10 views

Traefik Security Vulnerability

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Vulnerabilities exist in versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2. These vulnerabilities stem from incomplete isolation of Kubernetes CRD-provided programs across namespaces, and lack restrictio...

6.4 CVSS | 5.8 AI score | 0.00254 EPSS
Exploits: 1 | References: 1
OSV
added 2026/04/29 11:16 p.m. | 6 views

DEBIAN-CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1 CVSS | 5.6 AI score | 0.00442 EPSS
Exploits: 0 | References: 1
NVD
added 2026/04/29 11:16 p.m. | 7 views

CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1 CVSS | 0.00442 EPSS
Exploits: 0 | References: 3
UbuntuCve
added 2026/04/29 11:16 p.m. | 3 views

CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1 CVSS | 5.9 AI score | 0.00442 EPSS
Exploits: 0 | References: 2
OSV
added 2026/04/29 11:16 p.m. | 7 views

UBUNTU-CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1 CVSS | 5.9 AI score | 0.00442 EPSS
Exploits: 0 | References: 3