12 matches found

CNNVD
added 6 days ago, 5 views

Red Hat OpenShift Container Platform Authorization Issue Vulnerability

Red Hat OpenShift Container Platform is a platform developed by Red Hat Inc. It helps enterprises develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. There is an authorization vulnerability in Red Hat OpenShift Container...

7.4 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits: 0, References: 2
NVD
added 2026/04/02 8:16 p.m., 0 views

CVE-2026-34834

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi...

8.7 CVSS, 0.00129 EPSS
Exploits: 0, References: 2
Snyk
added 2026/04/02 6:20 p.m., 1 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

6.9 CVSS, 5.9 AI score, 0.00044 EPSS
Exploits: 0, References: 2
NVD
added 2026/04/02 5:16 p.m., 1 views

CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3 CVSS, 0.00044 EPSS
Exploits: 0, References: 1
CVE
added 2026/04/02 4:44 p.m., 3 views

CVE-2026-34786

Vulnerability summary: CVE-2026-34786 affects Rack’s static file serving. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules compares header_rules against the raw URL-encoded PATH_INFO while the file path is decoded for serving. This can allow a URL-encoded path variant to...

5.3 CVSS, 5.7 AI score, 0.00044 EPSS
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/03/16 12:00 a.m., 1 views

PT-2026-26175

Summary: ewe's chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9 header names. Security-sensitive headers like authorization, cookie, and x-forwarded-for can be injected or overwritten by a malicious client...

5.3 CVSS, 5.9 AI score, 0.0009 EPSS
Exploits: 1, References: 8
Tenable Nessus
added 2026/01/13 12:00 a.m., 3 views

MiracleLinux 8 : python39:3.9 (AXSA:2025-9939:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9939:01 advisory. mod_wsgi: Trusted Proxy Headers Removing Bypass (CVE-2022-2255). Tenable has extracted the preceding description block directly from the MiracleLinux security...

7.5 CVSS, 7.3 AI score, 0.00461 EPSS
Exploits: 1, References: 2
Cvelist
added 2024/10/30 9:20 p.m., 25 views

CVE-2024-10006 Consul L7 Intentions Vulnerable To Headers Bypass

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...

8.3 CVSS, 0.00035 EPSS
Exploits: 0, References: 1
CNNVD
added 2021/02/23 12:00 a.m., 2 views

VMware Spring Cloud Security Vulnerability

VMware Spring Cloud Config is a set of configuration management solutions for distributed systems from VMware. The product focuses on providing server and client support for external configuration in distributed systems. Spring Cloud Netflix Zuul 2.2.6.RELEASE A security vulnerability exists in t...

5.3 CVSS, 6.4 AI score, 0.00219 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2016/01/21 3:54 p.m., 1 views

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

5 CVSS, 6.6 AI score, 0.65044 EPSS
Exploits: 2, References: 4
RedHat Linux
added 2015/12/16 6:19 p.m., 0 views

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

5 CVSS, 6.6 AI score, 0.65044 EPSS
Exploits: 2, References: 4
RedHat Linux
added 2015/03/05 6:59 a.m., 4 views

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

5 CVSS, 6.6 AI score, 0.65044 EPSS
Exploits: 2, References: 4