13 matches found
CVE-2026-48020
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...
CVE-2026-48020
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...
CVE-2026-48020
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...
Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization
Summary There is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing...
GHSA-XF64-8MW2-4GR2 Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization
Summary There is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing...
PT-2026-48684
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.48 Traefik versions prior to 3.6.19 Traefik versions prior to 3.7.3 Description An unauthenticated attacker can bypass route-level authentication and authorization in Traefik when PathPrefix-based public routes a...
Path Normalization Bypass in Traefik Router + Middleware Rules
Impact There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted character from the followin...
EUVD-2025-16447
Malicious code in bioql PyPI...
CVE-2025-32431
Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...
CVE-2025-32431
Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...
CVE-2025-32431 Traefik has a possible vulnerability with the path matchers
Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...
webERP 4.08.1 - LocalRemote File Inclusion
webERP 4.08.1 - LocalRemote File Inclusion :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2012-06-27 webERP = 4.08.1 Local/Remote File Inclusion Vulnerability Script:...
PT-2007-5319 · Php · Phpwebfilemanager
Name of the Vulnerable Software and Affected Versions: phpWebFileManager version 0.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PN PathPrefix parameter in the index.php file. However, this issue is disputed by a reliable third party, who...