PT-2026-48903

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description Netty is a network application framework for developing protocol servers and clients. The RedisArrayAggregator pre-allocates an ArrayList with an initial...

CVE-2026-40999: Spring WS SSRF via unvalidated WS-Addressing reply destinations

When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. A remo...

CVE-2026-45364

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

CVE-2026-44649

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

PT-2026-40545

Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.18.0 Description An authentication bypass and account takeover issue exists when Authelia or Authentik SSO is enabled. The software accepts Remote-User for Authelia and X-Authentik-Username for Authentik HTTP...

GHSA-5MWJ-V5JW-5C97 LobeHub: Unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

Summary The webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected...

WordPress plugin BlueSnap Payment Gateway for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Authorization Bypass Through User-Controlled Key

Overview agents is an A home for your AI agents Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the createHeaderBasedEmailResolver function. An attacker can redirect inbound email to arbitrary internal objects by manipulating the Message-ID...

GHSA-R7X9-8PH7-W8CG Cloudflare Agents SDK has Insecure Direct Object Reference (IDOR) via Header-Based Email Routing

Summary An Insecure Direct Object Reference CWE-639 has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation o...

CVE-2026-1664

Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...

CVE-2026-1664

Summary: CVE-2026-1664 affects Cloudflare Agents SDK prior to 0.3.7, due to an IDOR in header-based email routing. Root cause: createHeaderBasedEmailResolver() parses Message-ID and References to derive target agentName/agentId without cryptographic/origin verification, letting external headers s...

CVE-2026-1664

Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...

CVE-2026-1664 Insecure Direct Object Reference (IDOR) via Header-Based Email Routing

Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

Linux Distros Unpatched Vulnerability : CVE-2018-1335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line o...

PT-2025-41612

Name of the Vulnerable Software and Affected Versions BigFix WebUI affected versions not specified Description The BigFix WebUI application is susceptible to Host Header Poisoning Attacks. The application responds with HOST information from the HTTP header field. Recommendations At the moment,...

CVE-2025-57752

Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers such as Cookie or...

CVE-2025-57752 Next.js Affected by Cache Key Confusion for Image Optimization API Routes

Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers such as Cookie or...

Use of Cache Containing Sensitive Information

Overview next is a react framework. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the image optimization process, when responses from API routes vary based on request headers such as Cookie or Authorization. An attacker can gain unauthorized...

Next.js Affected by Cache Key Confusion for Image Optimization API Routes

A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers such as Cookie or Authorization, these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug...