Lucene search
K

30 matches found

NVD
NVD
added 21 hours ago3 views

CVE-2026-55430

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

6.8CVSS
Exploits0References6
Veracode
Veracode
added 2026/06/17 9:46 a.m.8 views

IP Address Spoofing

Spring Cloud Gateway is vulnerable to IP Address Spoofing. The vulnerability is due to improper trust of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to supply forged client IP information that may be used by downstream applications for security decisions,...

8.6CVSS5.2AI score0.00139EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-37000

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS5.2AI score0.00139EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 7:34 p.m.28 views

CVE-2026-47825 Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 7:34 p.m.69 views

CVE-2026-47825

The CVE affects Spring Cloud Gateway Server components (WebMVC and WebFlux gateways) where headers from untrusted proxies (X-Forwarded-For, Forwarded) are forwarded in certain configurations. Root cause: forwarded-header handling without a trusted-proxy basis allows forged headers to reach downst...

8.6CVSS5.2AI score0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.31 views

PT-2026-49468

Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway versions prior to 3.1.13 Spring Cloud Gateway versions prior to 4.1.13 Spring Cloud Gateway versions prior to 4.2.9 Spring Cloud Gateway versions prior to 4.3.5 Spring Cloud Gateway versions prior to 5.0.2 Description Spri...

8.6CVSS5.8AI score0.00139EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/11 12:0 a.m.6 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source. Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded request headers it receives from untrusted proxies to downstream services. Both the WebFlux and WebMVC Gateway Servers process these...

8.6CVSS5.4AI score0.00139EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/11 12:0 a.m.7 views

CVE-2026-47825: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers...

8.6CVSS5.2AI score0.00139EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2026/04/21 6:16 p.m.11 views

PYSEC-2026-125

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8CVSS5.8AI score0.00171EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/03/30 7:20 a.m.2 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the process of establishing HTTPS tunnels through a configured HTTP proxy. An attacker can intercept sensitive session cookies by performing a man-in-the-middle attack or by controlling...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References2
CVE
CVE
added 2025/12/09 1:37 a.m.16 views

CVE-2025-66508

1Panel (GitHub/Governance: 1Panel) contains a vulnerability where Gin’s default proxy trust config (TrustedProxies = 0.0.0.0/0) causes X-Forwarded-For headers to be trusted, letting attackers bypass IP-based access controls (AllowIPs, API whitelists, localhost checks) by sending X-Forwarded-For: ...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/10/06 8:18 p.m.7 views

GHSA-HM36-FFRH-C77C Litestar X-Forwarded-For Header Spoofing Vulnerability Enables Rate Limit Evasion

While testing Litestar's RateLimitMiddleware, I discovered that rate limits can be completely bypassed by manipulating the X-Forwarded-For header. This renders IP-based rate limiting ineffective against determined attackers. The Problem Litestar's RateLimitMiddleware uses cachekeyfromrequest to...

7.5CVSS6.6AI score0.00452EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-16457

Malicious code in bioql PyPI...

8.6CVSS8.3AI score0.00276EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/27 2:48 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-cloud-starter-gateway-4.1.7.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-cloud-starter-gateway-4.1.7.jar Vulnerability Details CVEID:CVE-2025-41235 DESCRIPTION: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. CWE:CWE-444: Inconsisten...

8.6CVSS6.7AI score0.00276EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2025/06/03 4:51 a.m.7 views

Spoofing Attack

org.springframework.cloud, spring-cloud-gateway-server is vulnerable to Spoofing Attack. The vulnerability is due to insufficient validation of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to spoof client IP addresses...

8.6CVSS6.6AI score0.00276EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2025/06/01 6:35 a.m.8 views

CVE-2025-41235

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

8.6CVSS6.9AI score0.00276EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/30 6:43 a.m.4 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' due to the improper validation of X-Forwarded-For and Forwarded headers forwarded from untrusted proxies. An attacker can manipulate the server's behavior by sending crafted headers fro...

8.6CVSS6.9AI score0.00276EPSS
Exploits0References2
OSV
OSV
added 2025/05/30 6:30 a.m.7 views

GHSA-6J2Q-C73V-97C5 Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

8.6CVSS7.2AI score0.00276EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/05/30 6:30 a.m.15 views

Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

8.6CVSS7.1AI score0.00276EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2025/05/30 6:15 a.m.26 views

CVE-2025-41235

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

8.6CVSS0.00276EPSS
Exploits0References1
Rows per page
Query Builder