Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/22 12:8 a.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

9.1CVSS5.4AI score0.00477EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 12:8 a.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

9.1CVSS5.4AI score0.00477EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 11:20 p.m.4 views

CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References1
NVD
NVD
added 2025/12/27 9:15 a.m.4 views

CVE-2025-15105

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

6.3CVSS0.00458EPSS
Exploits1References4
Rows per page
Query Builder