Lucene search
K

13 matches found

OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5128 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails in github.com/traefik/traefik

Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails in github.com/traefik/traefik...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References2
NVD
NVD
added 2026/06/23 8:16 p.m.7 views

CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

8.6CVSS0.0036EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/23 7:17 p.m.37 views

CVE-2026-54762 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

5.9CVSS0.0036EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 7:17 p.m.13 views

CVE-2026-54762

Traefik’s Kubernetes Ingress NGINX provider (versions 3.7.0-ea.1 through 3.7.5) contains a medium-severity fail-open vulnerability: if an Ingress enables BasicAuth or DigestAuth but the referenced auth-secret cannot be resolved or parsed, Traefik logs an error, skips installing the authentication...

8.6CVSS5.9AI score0.0036EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/19 9:15 p.m.6 views

GHSA-4MR2-FG2P-W63C Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails

Summary There is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kubernetes.io/auth-type and auth-secret annotations, but the...

5.9CVSS5.9AI score0.0036EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/31 12:31 p.m.6 views

Duplicate Advisory: OpenClaw has Bypass in Webhook Rate Limiting via Pre-Authentication Secret Validation

Duplicate Advisory This advisory has been withdrawn because CVE-2026-34508 has been rejected as a duplicate of CVE-2026-34505. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.12 applies rate limiting only after webhook authentication succeeds,...

5.8AI score0.00056EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 11:17 a.m.2 views

CVE-2026-34505 OpenClaw < 2026.3.12 - Webhook Rate Limiting Bypass via Pre-Authentication Secret Validation

OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-26161

Malicious code in bioql PyPI...

6.3CVSS4.8AI score0.00223EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.6 views

Coze Studio 安全漏洞

Coze Studio is an AI Agent visualization and development platform open-sourced by Coze Studio. A security vulnerability exists in Coze Studio 0.2.4 and earlier versions, which originates from the use of hard-coded encryption keys for the parameters AuthSecretKey/StateSecretKey/OAuthTokenSecretKey...

6.3CVSS4.8AI score0.00223EPSS
Exploits0References6
OSV
OSV
added 2025/07/08 11:15 a.m.10 views

CVE-2025-20982

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...

6.7CVSS5.8AI score0.00127EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/07/08 10:33 a.m.2 views

CVE-2025-20982

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...

6.7CVSS5.8AI score0.00127EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2025/03/25 4:10 p.m.34 views

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

9.8CVSS8.1AI score0.99098EPSS
Exploits21
Rapid7 Blog
Rapid7 Blog
added 2025/03/25 4:10 p.m.8 views

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

9.8CVSS8.2AI score0.99098EPSS
Exploits21
Rows per page
Query Builder