Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.6 views

CVE-2026-48491

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability allows an unauthenticated client to bypass mutual Transport Layer Security TLS enforcement, a security measure that verifies both client and server identities. The bypass occurs due to an issue in Traefik's...

10CVSS5.8AI score0.00245EPSS
Exploits1References5
NVD
NVD
added 2026/06/23 8:16 p.m.6 views

CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

10CVSS0.0024EPSS
Exploits1References5
NVD
NVD
added 2026/06/23 8:16 p.m.7 views

CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

10CVSS0.00245EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/23 7:13 p.m.14 views

CVE-2026-53622 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

7.8CVSS5.9AI score0.0024EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:13 p.m.34 views

CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

7.8CVSS5.9AI score0.0024EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/23 7:13 p.m.6 views

CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

10CVSS5.8AI score0.0024EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/06/23 7:12 p.m.5 views

CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

10CVSS5.8AI score0.00245EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:12 p.m.6 views

CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

7.8CVSS5.9AI score0.00245EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/18 6:37 p.m.20 views

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADBREPLICATIONUSER and MARIADBREPLICATIONPASSWORD environment variables defaulted to monitor and monitor respectively. This user...

5.3CVSS0.00187EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/16 7:2 p.m.75 views

Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Summary There is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rule such as Host.example.com with stricter TLS options for...

10CVSS5.1AI score0.00245EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-50163

Name of the Vulnerable Software and Affected Versions Traefik versions 3.6.17 through 3.7.1 Description An issue in the HTTP/3 QUIC TLS configuration selection allows unauthenticated clients to bypass router-specific mutual TLS mTLS enforcement. When HTTP/3 is enabled, the TLS handshake uses an...

10CVSS5.3AI score0.0024EPSS
Exploits1References11
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.28 views

CVE-2026-28395 OpenClaw 2026.1.14-1 < 2026.2.12 - Unintended Public Binding of Chrome Extension Relay via Wildcard cdpUrl

OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUr...

6.5CVSS0.00396EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.6 views

PT-2026-23524

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.14-1 through 2026.2.11 Description The software contains an improper network binding issue in the Chrome extension relay server. The server incorrectly handles wildcard hosts, treating them as loopback addresses. This...

9.1CVSS5.8AI score0.00396EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.6 views

SUSE CVE-2019-11737

If a wildcard '' is specified for the host in Content Security Policy CSP directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox 69...

5.3CVSS8.4AI score0.00546EPSS
Exploits0References5
OSV
OSV
added 2019/09/27 6:15 p.m.3 views

CVE-2019-11737

If a wildcard '' is specified for the host in Content Security Policy CSP directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox 69...

5.3CVSS6.7AI score
Exploits0References2
OSV
OSV
added 2018/02/14 2:29 p.m.3 views

DEBIAN-CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

9.8CVSS6.9AI score0.03416EPSS
Exploits0References1
OSV
OSV
added 2018/02/14 2:29 p.m.4 views

UBUNTU-CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

9.8CVSS7.3AI score0.03416EPSS
Exploits0References4
Rows per page
Query Builder