174 matches found
Emby Server - Authentication Bypass
Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...
CVE-2026-25119 Gogs: Authentication Bypass via Unvalidated Reverse Proxy Headers
Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...
CVE-2026-25119
Gogs vulnerability CVE-2026-25119: When ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the header (default X-WEBAUTH-USER) from client requests without validating the request came through a trusted reverse proxy, allowing an attacker to impersonate any user or auto-register. Affecte...
Astra Linux – Vulnerability in Puma
Puma is a Ruby/Rack web server designed for parallelism. In affected versions, clients could manipulate values set by intermediate proxies such as X-Forwarded-For by providing a version of the header with an underscore . Any users who rely on proxy-defined headers are affected. Versions...
PT-2026-49036
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description An identity header validation issue allows local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply these forged headers...
SUSE SLES15 Security Update : python312 (SUSE-SU-2026:2055-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2055-1 advisory. This update for python312 fixes the following issues - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF...
TencentOS Server 3: python3.12 (TSSA-2026:0389)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0389 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
SUSE-SU-2026:2055-1 Security update for python312
This update for python312 fixes the following issues - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open bsc1262319. - CVE-2026-6019: BaseCookie.jsoutput does not...
Astra Linux - уязвимость в golang-1.19, golang-1.23
Proxy-Authorization and Proxy-Authenticate headers remain after cross-origin redirections, potentially exposing sensitive information...
SUSE SLES12 Security Update : python3 (SUSE-SU-2026:1937-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1937-1 advisory. This update for python3 fixes the following issue: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. -...
SUSE SLES15 Security Update : python310 (SUSE-SU-2026:1947-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1947-1 advisory. This update for python310 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validat...
ALSA-2026:19176 Important: python3.14 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Security update for python310
This update for python310 fixes the following issues Security issues: CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. CVE-2026-3446: base64 decoding stops at first padded quad by default bsc1261970. CVE-2026-4786: incomplete mitigation of , %action expansion fo...
SUSE-SU-2026:1947-1 Security update for python310
This update for python310 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default bsc1261970. - CVE-2026-4786: incomplete mitigation of , %action...
Security update for python3
This update for python3 fixes the following issue: CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. CVE-2026-4786: URLs prefixe...
SUSE-SU-2026:1937-1 Security update for python3
This update for python3 fixes the following issue: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. - CVE-2026-4786: URLs...
CVE-2026-44437
Summary: CVE-2026-44437 affects Angular SSR before fixed versions 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7. The vulnerability lies in the X-Forwarded-Prefix header processing: the internal validation does not properly account for URL-encoded characters (notably dots like %2e%2e), enabling enco...
SUSE-SU-2026:1818-1 Security update for python39
This update for python39 fixes the following issues: Security issues fixed: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970...
Security update for python3
This update for python3 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969...