Lucene search
K

1017 matches found

Nuclei
Nuclei
added 10 hours ago79 views

Traefik - Open Redirect

Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-15129 info: name:...

6.1CVSS6.2AI score0.08011EPSS
Exploits0References5
Chainguard
Chainguard
added 4 days ago6 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: istio-fips, dataplaneapi-fips, azuredisk-csi, gitlab-rails-ce, docker-cli-buildx-fips, glab, reports-server, apm-server-fips, chainloop-cli-fips, argo-cd-fips, vexctl, cilium-cli, terraform, kube-conformance, timestamp-authority, k8s-device-plugin,...

6.1AI score
Exploits0
NVD
NVD
added last week5 views

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

8.5CVSS0.00346EPSS
Exploits0References4
NVD
NVD
added last week8 views

CVE-2026-54764

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS0.0029EPSS
Exploits0References3
NVD
NVD
added last week7 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

10CVSS0.00256EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS6AI score0.00256EPSS
Exploits0References4Affected Software1
CVE
CVE
added last week36 views

CVE-2026-54763

Traefik (HTTP reverse proxy/load balancer) before versions v2.11.51, v3.6.22, and v3.7.6 allows underscore-variant identity spoofing via BasicAuth, DigestAuth, and ForwardAuth middlewares. These middlewares strip canonical header names but don’t account for underscore-variant headers, letting an ...

10CVSS6AI score0.00256EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added last week38 views

CVE-2026-54763 Traefik: headerField underscore-variant identity spoofing in BasicAuth / DigestAuth / ForwardAuth

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS0.00256EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added last week6 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

10CVSS6AI score0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added last week34 views

CVE-2026-54765 Traefik: Gateway HTTPRoute backendRef filters can leak backend context across routes sharing a Service:port

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS0.00346EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS5.9AI score0.00346EPSS
Exploits0References5Affected Software1
CVE
CVE
added last week23 views

CVE-2026-54765

CVE-2026-54765 affects Traefik v3.7.0 through v3.7.5, fixed in v3.7.6. In the Kubernetes Gateway API provider, two accepted HTTPRoutes targeting the same backend Service:port can have different backendRef filters, with only one route’s filter set applied to all requests. This can allow a route’s ...

8.5CVSS5.9AI score0.00346EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-54764

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS6AI score0.0029EPSS
Exploits0References4Affected Software1
CVE
CVE
added last week20 views

CVE-2026-54764

Summary of CVE-2026-54764 : Traefik’s ForwardAuth middleware can leak spoofed port information due to incorrect header handling when trustForwardHeader is false. Before fixes, the middleware derived X-Forwarded-Port from the original incoming request rather than the sanitized forwarded request, a...

6.9CVSS6AI score0.0029EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added last week47 views

CVE-2026-54764 ForwardAuth middleware leaks X-Forwarded-Port spoofing via untrusted X-Forwarded-Proto when trustForwardHeader=false

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS0.0029EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.16 views

PT-2026-56012

Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0 through 3.7.5 Description Traefik's Kubernetes Gateway API provider may incorrectly resolve two accepted HTTPRoutes that target the same backend Service:port but use different backendRef filters for the same child servic...

8.5CVSS5.9AI score0.00346EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55998

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description The ForwardAuth middleware in this HTTP reverse proxy and load balancer incorrectly derives the X-Forwarded-Port header sent to the...

6.9CVSS6AI score0.0029EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56011

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares fail to account for underscore-variant header names when stripping...

10CVSS5.9AI score0.00256EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.5 views

FreeBSD : traefik -- Multiple vulnerabilities (803b9816-77af-11f1-ba71-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 803b9816-77af-11f1-ba71-5404a68ad561 advisory. The traefik project releases a new version addressing multiple CVEs: Tenable has extracted the...

10CVSS6AI score0.00346EPSS
Exploits0References5
Chainguard
Chainguard
added 2026/07/02 2:17 p.m.13 views

GHSA-3G6V-2R68-PRFC vulnerabilities

Vulnerabilities for packages: traefik-fips, traefik...

6.1AI score
Exploits0
Rows per page
Query Builder