1272 matches found
CVE-2025-66490
CVE-2025-66490 affects Traefik, where versions prior to 2.11.32 and 2.11.31–3.6.2 could bypass path normalization when using PathPrefix, Path, or PathRegex matchers. Under path-based routing, requests containing URL-encoded restricted characters (/, , Null, ;, ?, #) may bypass the middleware chai...
CVE-2025-66490 Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules
Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters /, , Null,...
EUVD-2025-201731
Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters /, , Null,...
CVE-2025-66490
Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters /, , Null,...
PT-2025-49684
Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.32 and 2.11.31 through 3.6.2. Description: Traefik is an HTTP reverse proxy and load balancer. Requests using PathPrefix, Path, or PathRegex matchers can bypass path normalization. When Traefik uses path-based...
Traefik Security Vulnerability
Traefik is an open source reverse proxy and load balancing tool from Traefik Open Source. A security vulnerability exists in Traefik versions 2.11.31 through 3.6.2, which stems from a path normalization bypass that could result in requests bypassing security controls...
Xmlseclibs Security Vulnerability
Xmlseclibs is a library written in PHP that handles XML encryption and signing. A security vulnerability exists in Xmlseclibs version 3.1.3, which stems from a flaw in the libxml2 normalization process that could lead to authentication bypass...
Ruby SAML Data Forgery Vulnerability
Ruby SAML is a SAML-Toolkits open source implementation of a SAML authorization client. Ruby SAML 1.12.4 and prior versions suffer from a Data Forgery Issue vulnerability that stems from a flaw in the libxml2 normalization process that could lead to authentication bypass...
Hesperus Is Phosphorus: Mapping Threat Actor Naming Taxonomies at Scale
This paper studies the problem of Threat Actor (TA) naming convention inconsistency across leading Cyber Threat Intelligence (CTI) vendors. The current decentralized and proprietary nomenclature creates confusion and significant obstacles for researchers, including difficulties in integrating and...
CVE-2025-12414
An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted. Self-hosted instances must be upgrad...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-190874 Malicious code in @posthog/currency-normalization-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9c408cabd7de49cf79956eda3f74bde72c000069ac4d356f6a410f02cfa155f The package @posthog/currency-normalization-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198951
Malicious code in @posthog/currency-normalization-plugin npm...
Malicious code in @posthog/currency-normalization-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9c408cabd7de49cf79956eda3f74bde72c000069ac4d356f6a410f02cfa155f The package @posthog/currency-normalization-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198285
An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted. Self-hosted instances must be upgrad...
CVE-2025-12414 Looker account compromise via punycode homograph attack
An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted. Self-hosted instances must be upgrad...