CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

RedhatCVE•added 2026/06/05 7:26 p.m.•9 views

CVE-2026-40910

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

9.1CVSS5.5AI score0.00269EPSS

Exploits1References1

GithubExploit•added 2026/05/24 8:48 a.m.•94 views

Exploit for OS Command Injection in Arcane

CVE-2026-23520: Model Context Protocol MCP Connect RCE - Edu...

9CVSS5.7AI score0.01643EPSS

Exploits6

CVE•added 2026/04/21 8:9 p.m.•27 views

CVE-2026-40910

Summary : frp versions 0.43.0–0.68.0 contain an authentication bypass in the HTTP vhost routing path when using routeByHTTPUser for access control. The routing logic derives the route from the Proxy-Authorization username, while access control checks credentials from the standard Authorization he...

9.1CVSS5.8AI score0.00269EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2026/04/14 12:0 a.m.•9 views

PT-2026-34174

Name of the Vulnerable Software and Affected Versions frp versions 0.43.0 through 0.68.0 Description An authentication bypass exists in the HTTP vhost routing path when routeByHTTPUser is utilized for access control. In proxy-style requests, the routing logic selects the routeByHTTPUser backend...

9.1CVSS5.9AI score0.00269EPSS

Exploits1References6

RedhatCVE•added 2025/05/23 6:1 a.m.•6 views

CVE-2023-28346

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact wit...

7.3CVSS6.9AI score0.00884EPSS

Exploits1References1