4189 matches found
CVE-2026-41263
CVE-2026-41263 affects Traefik’s BasicAuth middleware. A timing side-channel allows an attacker to enumerate valid usernames by measuring response times, because the constant-time fallback secret resolves to an empty string, causing the bcrypt check to short-circuit quickly. Vulnerable versions a...
CVE-2026-41263
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...
EUVD-2026-26433
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...
CVE-2026-41263
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...
CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...
CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...
CVE-2026-40912
CVE-2026-40912 affects Traefik’s StripPrefixRegex middleware used with ForwardAuth, BasicAuth, or DigestAuth. The vulnerability arises because the middleware matches a decoded URL path against a regex but uses that length to slice the percent-encoded RawPath, which can produce a dot-segment (e.g....
CVE-2026-40912
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...
CLSA-2026-1777539404 squid34: Fix of 12 CVEs
CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...
Traefik 安全漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2 contain security vulnerabilities. These vulnerabilities stem from variables used in the BasicAuth middleware for constant-time comparisons, which are...
Exploit for Out-of-bounds Write in Microsoft
CVE-2016-0189 Proof-of-Concept exploit for CVE-2016-0189 VBSc...
CVE-2026-7241 Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...
CVE-2026-7241 Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...
CVE-2026-44240
creationtimestamp| type| source ---|---|--- 2026-04-28 03:41:59+00:00| published-proof-of-concept| https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89...
TOTOLINK A8000RU 命令注入漏洞
TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setWiFiBasicCfg function in the CGI Handler component’s /cgi-bin/cstecgi.cgi file, which...
CVE-2026-40022 Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...
Linux Distros Unpatched Vulnerability : CVE-2026-41324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory...
[SECURITY] Fedora 44 Update: python-flask-httpauth-4.8.1-1.fc44
FlaskHTTPAuth Basic and Digest HTTP authentication for Flask routes...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...