11 matches found
CVE-2026-54765
Traefik’s Gateway API provider (v3.7.0–v3.7.5) may allow two accepted HTTPRoutes targeting the same backend Service:port to have different backendRef filters, causing one route’s filter context to be applied to requests reaching the other route. This can leak security-sensitive headers (e.g., ten...
CVE-2026-54765 Traefik: Gateway HTTPRoute backendRef filters can leak backend context across routes sharing a Service:port
Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...
traefik -- Multiple vulnerabilities
The traefik project releases a new version addressing multiple CVEs: CVE-2026-54763 underscore-variant identity spoofing CVE-2026-54764 ForwardAuth middleware leaks X-Forwarded-Port spoofing CVE-2026-54765 Gateway HTTPRoute backendRef filters can leak backend context...
CVE-2026-29647
In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...
EUVD-2026-23960
In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...
CVE-2026-29647
In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...
CVE-2026-29647
In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...
CVE-2026-32887
Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...
Race Condition
Overview @envelop/graphql-modules is a This plugins integrates graphql-modules execution lifecycle into the GraphQL execution flow. Affected versions of this package are vulnerable to Race Condition via the useGraphQLModules plugin. An attacker can cause request context data to be mixed between...
Linux Distros Unpatched Vulnerability : CVE-2021-21334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through...
Mojarra: deployed web applications can read FacesContext from other applications under certain conditions
Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function...