212 matches found
PT-2026-56507
Name of the Vulnerable Software and Affected Versions Hono versions 4.3.3 through 4.12.26 Description The AWS API Gateway v1 adapter incorrectly de-duplicates repeated request header values by using a substring comparison instead of an exact match. This behavior can lead to the loss of distinct...
Security Bulletin: Security vulnerabilities have been found in IBM Application Gateway
Summary Security vulnerabilities have been addressed in IBM Application Gateway Vulnerability Details CVEID:CVE-2026-40355 DESCRIPTION: In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism...
CVE-2026-11815
An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...
EUVD-2026-35992
An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...
CVE-2026-33814 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-5
CVE-2026-33814 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-5. A patched version of the package is available...
CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-39821 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-39821 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4
CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2026-6266
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...
CVE-2026-6266 Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...
EUVD-2026-25576
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...
CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...
CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-3
CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-3. A patched version of the package is available...
CVE-2025-58190 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-3
CVE-2025-58190 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-3. A patched version of the package is available...
CVE-2025-30204 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27
CVE-2025-30204 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27. A patched version of the package is available...
CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27
CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27. A patched version of the package is available...
AZL-76856 CVE-2025-58190 affecting package application-gateway-kubernetes-ingress 1.7.7-2
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...