32 matches found
CVE-2026-52839 Easy!Appointments appointments/store and appointments/update allow cross-provider appointment injection — Authorization Bypass
Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the appointments/search response, proving that provider isolation is an intended security boundary. However, the direct mutation endpoints appointments/store and...
CVE-2026-52839 Easy!Appointments appointments/store and appointments/update allow cross-provider appointment injection — Authorization Bypass
Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the appointments/search response, proving that provider isolation is an intended security boundary. However, the direct mutation endpoints appointments/store and...
CVE-2026-52839
Easy!Appointments versions before 1.6.0 allow cross-provider appointment injection via unauthorized use of the store and update endpoints. The vulnerability arises because store/update do not verify that id_users_provider belongs to the current session, enabling a provider to add or reassign appo...
EUVD-2026-43570
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester...
CVE-2026-62192
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester...
GO-2026-5083 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services in github.com/traefik/traefik
Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services in github.com/traefik/traefik...
CVE-2026-54761
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...
CVE-2026-54761
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...
CVE-2026-54761 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...
CVE-2026-54761 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...
CVE-2026-54761
Traefik vulnerability CVE-2026-54761 affects the Kubernetes Gateway provider: prior to 3.6.21 and 3.7.5, the crossProviderNamespaces allowlist is checked against backendRef.namespace instead of the HTTPRoute’s own namespace, enabling an attacker in a non-allowlisted namespace to reference interna...
CVE-2026-50202
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...
CVE-2026-50202 Steeltoe's static JWKS cache shared across schemes and never invalidated
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...
GHSA-3G6V-2R68-PRFC Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...
Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...
PT-2026-50495
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 3.6.21 Traefik versions prior to 3.7.5 Description An issue exists in the Kubernetes Gateway provider regarding the crossProviderNamespaces allowlist. When HTTPRoute rules declare multiple backendRefs Weighted Round...
CVE-2026-9093
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...
CVE-2026-41577
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...
authentik 数据伪造问题漏洞
Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik before 2025.12.5 and 2026.2.3 had a data manipulation vulnerability. This vulnerability stemmed from the SAML response processor not verifying the Conditions element in assertions, which...
GHSA-3W4H-G9F5-J84P Casdoor does not validate the AudienceRestriction element in SAML assertions
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...