Lucene search
+L

14 matches found

NVD
NVD
added yesterday6 views

CVE-2026-61718

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @loginrequired, including POST...

5.4CVSS
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-54728

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API improperly validated and neutralized user-controlled input in a configuration-dependent path, allowing a...

6.1CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday25 views

CVE-2026-54728 bunkerweb: Improper Input Validation and Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in BunkerWeb

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API improperly validated and neutralized user-controlled input in a configuration-dependent path, allowing a...

6.1CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-54728

CVE-2026-54728 affects bunkerweb: prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated handling of Host header input in the UI/API allowed a low-privileged authenticated user to escalate privileges and impact confidentiality, integrity, and availability of the BunkerWeb instance. The i...

6.1CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-61718

Bunkerweb (WAF) exposes a vulnerability in versions 1.6.2–1.6.12 where the BiscuitMiddleware authorization bypass for the /cache/ routes allowed low-privilege read-only users to delete job cache files. Specifically, routes in src/ui/app/routes/cache.py were only protected by @login_required despi...

5.4CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday23 views

CVE-2026-61718 bunkerweb: Read-only Web UI users can delete job cache files due to missing authorization on /cache/ routes

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @loginrequired, including POST...

5.4CVSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.5 views

BunkerWeb 输入验证错误漏洞

BunkerWeb is an open source web application firewall from Bunkerity Open Source. An input validation error vulnerability exists in BunkerWeb version 1.6.2, which stems from URL redirection to an untrusted site and could lead to phishing attacks...

4.8CVSS6.7AI score0.00431EPSS
Exploits0References4
OSV
OSV
added 2024/12/02 10:17 p.m.14 views

GHSA-Q9RR-H3HX-M87G BunkerWeb has Open Redirect Vulnerability in Loading Page

Summary: A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. Details: The loading endpoint accepts and uses an unvalidated "next" parameter for redirects: PoC: Visit:...

5.1CVSS6.2AI score0.0076EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/12/02 10:17 p.m.20 views

BunkerWeb has Open Redirect Vulnerability in Loading Page

Summary: A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. Details: The loading endpoint accepts and uses an unvalidated "next" parameter for redirects: PoC: Visit:...

5.1CVSS6.6AI score0.0076EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/12/02 8:6 p.m.9 views

GO-2024-3294 Open Redirect Vulnerability in Loading Page in bunkerweb in github.com/bunkerity/bunkerweb

Open Redirect Vulnerability in Loading Page in bunkerweb in github.com/bunkerity/bunkerweb...

5.1CVSS6.3AI score0.0076EPSS
Exploits0References2
NVD
NVD
added 2024/11/27 7:15 p.m.11 views

CVE-2024-53264

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated...

5.1CVSS0.0076EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/27 6:31 p.m.17 views

CVE-2024-53264 Open Redirect Vulnerability in Loading Page in bunkerweb

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated...

5.1CVSS0.0076EPSS
Exploits0References1
OSV
OSV
added 2024/11/27 6:31 p.m.5 views

CVE-2024-53264 Open Redirect Vulnerability in Loading Page in bunkerweb

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated...

5.1CVSS6.8AI score0.0076EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/27 12:0 a.m.4 views

BunkerWeb 输入验证错误漏洞

BunkerWeb is an open source web application firewall from Bunkerity Open Source. An input validation error vulnerability exists in BunkerWeb version 1.5.11 and earlier, which stems from the presence of an open redirection vulnerability that allows an attacker to redirect an authenticated user to ...

5.1CVSS6.4AI score0.0076EPSS
Exploits0References2
Rows per page
Query Builder