
11 matches found

Tenable Nessus
added 2026/03/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-30851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip...

8.8 CVSS · 7.2 AI score · 0.00023 EPSS
Exploits 1 · References 2
OSV
added 2026/03/07 4:28 p.m. · 3 views

CVE-2026-30851 Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation

Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...

8.1 CVSS · 5.7 AI score · 0.00023 EPSS
Exploits 1 · References 6
Cvelist
added 2026/03/07 4:28 p.m. · 26 views

CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

6.9 CVSS · 0.00021 EPSS
Exploits 1 · References 3
Vulnrichment
added 2026/03/07 4:28 p.m. · 0 views

CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

6.9 CVSS · 5.7 AI score · 0.00021 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2026/02/27 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive,...

9.1 CVSS · 5.8 AI score · 0.00062 EPSS
Exploits 1 · References 3
OSV
added 2026/02/24 5:29 p.m. · 1 views

UBUNTU-CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

9.3 CVSS · 5.8 AI score · 0.00127 EPSS
Exploits 1 · References 5
CNNVD
added 2026/02/24 12:0 a.m. · 3 views

Caddy Input Validation Error Vulnerability

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the path cleaner in the file matcher not clearing backslashes properly, which cou...

8.2 CVSS · 7.3 AI score · 0.00122 EPSS
Exploits 1 · References 3
CNNVD
added 2026/02/24 12:0 a.m. · 3 views

Caddy Cross-Site Request Forgery Vulnerability

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the local Caddy management API accepting cross-domain requests when source forcing was n...

8.2 CVSS · 5.7 AI score · 0.00027 EPSS
Exploits 1 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-15032

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.00234 EPSS
Exploits 1 · References 3
Vulnrichment
added 2023/02/06 12:0 a.m. · 7 views

CVE-2022-28923

Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs...

7.4 AI score · 0.03238 EPSS
Exploits 1 · References 1
Positive Technologies
added 2020/06/15 12:0 a.m. · 2 views

PT-2020-8890 · Caddy · Caddy

Name of the Vulnerable Software and Affected Versions: Caddy versions prior to 0.10.13
Description: The issue is related to the mishandling of TLS client authentication. This is caused by the lack of the StrictHostMatching mode, allowing an attacker to bypass TLS client authentication. An attacke...

9.8 CVSS · 9.4 AI score · 0.01376 EPSS
Exploits 0 · References 13