Lucene search
K

299 matches found

ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-57942

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

6.9CVSS5.9AI score0.00192EPSS
Exploits0References5
CVE
CVE
added last week8 views

CVE-2026-57942

LibreTranslate (up to 1.9.7) contains an IP spoofing vulnerability in get_remote_address() that allows unauthenticated attackers to spoof client IPs via X-Forwarded-For values, bypassing per-IP rate limits and enabling unlimited API abuse. Fixed in commit 397fd22. Affected: LibreTranslate; remedi...

6.9CVSS5.9AI score0.00192EPSS
Exploits0References4
NVD
NVD
added 2026/06/22 6:16 p.m.13 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:16 p.m.32 views

CVE-2026-54289 Hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS0.00114EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 5:16 p.m.21 views

CVE-2026-54289

CVE-2026-54289 — Hono Lambda@Edge header handling : On AWS Lambda@Edge, prior to 4.12.25, CloudFront may deliver repeated headers as multiple entries. The Hono Lambda@Edge adapter uses Headers.set for each value, overwriting the previous one, so only the last value reaches the application. Header...

4.8CVSS5.9AI score0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 8:17 a.m.14 views

CVE-2026-54665

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS0.00268EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Carefully crafted headers may cause header parsing in Rack to take longer than expected, potentially leading to a denial-of-service issue. The Accept and Forwarded headers are affected. Ruby 3.2 includes fixes for this problem, so Rack applications tha...

7.5CVSS6.1AI score0.01996EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 9:28 p.m.6 views

MGASA-2026-0226 Updated ruby-rack packages fix security vulnerabilities

CVE-2026-26961 Greedy multipart boundary parsing can cause parser differentials and WAF bypass. Forwarded header semicolon injection enables Host and Scheme spoofing. CVE-2026-34230 Quadratic complexity in Rack::Utils.selectbestencoding via wildcard Accept-Encoding header. CVE-2026-34763 Root...

7.5CVSS5.2AI score0.00475EPSS
Exploits2References14
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:13 p.m.5 views

CVE-2026-54106

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS5.4AI score0.00289EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 2:24 p.m.5 views

GHSA-4JGR-PG2M-M988 Heimdall: Forwarded Header Injection via Unsanitized Host Header in Proxy Mode

Summary When Heimdall operates in proxy mode, it constructs the Forwarded HTTP header after executing the matched rule pipeline by inserting the incoming request's Host header value directly into the header string without sanitizing commas or semicolons. This allows an attacker to inject addition...

7CVSS5.4AI score
Exploits0References2
Veracode
Veracode
added 2026/06/17 6:21 p.m.12 views

Improper Handling Of HTTP Headers

hono is vulnerable to Improper Handling of HTTP Headers. The vulnerability is due to using Headers.set instead of Headers.append when processing repeated request headers, which allows multiple header values to be overwritten and truncated, potentially enabling attackers to bypass security control...

4.8CVSS5.3AI score0.00114EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/16 2:32 p.m.4 views

GHSA-WGPF-JWQJ-8H8P hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...

4.8CVSS5.4AI score0.00114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49736

Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...

4.8CVSS5.4AI score0.00114EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 9:17 p.m.5 views

CVE-2026-47825

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 7:34 p.m.61 views

CVE-2026-47825

The CVE affects Spring Cloud Gateway Server components (WebMVC and WebFlux gateways) where headers from untrusted proxies (X-Forwarded-For, Forwarded) are forwarded in certain configurations. Root cause: forwarded-header handling without a trusted-proxy basis allows forged headers to reach downst...

8.6CVSS5.2AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 7:34 p.m.27 views

CVE-2026-47825 Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 10:3 a.m.8 views

CVE-2026-34025 IP restriction bypass in Wertheim SafeController Software allows logins from unauthorized network locations

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS5.3AI score0.00283EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:3 a.m.10 views

EUVD-2026-36708

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS5.4AI score0.00283EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.29 views

PT-2026-49468

Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway versions prior to 3.1.13 Spring Cloud Gateway versions prior to 4.1.13 Spring Cloud Gateway versions prior to 4.2.9 Spring Cloud Gateway versions prior to 4.3.5 Spring Cloud Gateway versions prior to 5.0.2 Description Spri...

8.6CVSS5.8AI score0.00139EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49196

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS5.3AI score0.00283EPSS
Exploits1References3
Rows per page
Query Builder