Lucene search
K

11 matches found

CVE
CVE
added yesterday15 views

CVE-2026-54765

Traefik’s Gateway API provider (v3.7.0–v3.7.5) may allow two accepted HTTPRoutes targeting the same backend Service:port to have different backendRef filters, causing one route’s filter context to be applied to requests reaching the other route. This can leak security-sensitive headers (e.g., ten...

6.3CVSS5.9AI score
Exploits0References4
Cvelist
Cvelist
added yesterday24 views

CVE-2026-54765 Traefik: Gateway HTTPRoute backendRef filters can leak backend context across routes sharing a Service:port

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS
Exploits0References4
FreeBSD
FreeBSD
added 2026/06/30 12:0 a.m.3 views

traefik -- Multiple vulnerabilities

The traefik project releases a new version addressing multiple CVEs: CVE-2026-54763 underscore-variant identity spoofing CVE-2026-54764 ForwardAuth middleware leaks X-Forwarded-Port spoofing CVE-2026-54765 Gateway HTTPRoute backendRef filters can leak backend context...

7.8CVSS5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/21 1:22 a.m.7 views

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 9:31 p.m.5 views

EUVD-2026-23960

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

5.8AI score0.00231EPSS
Exploits0References4
NVD
NVD
added 2026/04/20 9:16 p.m.4 views

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

6.5CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/20 12:0 a.m.31 views

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/03/20 10:16 p.m.7 views

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

7.4CVSS0.0027EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/21 4:36 p.m.3 views

Race Condition

Overview @envelop/graphql-modules is a This plugins integrates graphql-modules execution lifecycle into the GraphQL execution flow. Affected versions of this package are vulnerable to Race Condition via the useGraphQLModules plugin. An attacker can cause request context data to be mixed between...

8.7CVSS6AI score0.00465EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-21334

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through...

6.3CVSS6.2AI score0.02044EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2012/12/18 10:23 p.m.4 views

Mojarra: deployed web applications can read FacesContext from other applications under certain conditions

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function...

2.1CVSS5.8AI score0.00545EPSS
Exploits1References4
Rows per page
Query Builder