Lucene search
K

467 matches found

CVE
CVE
added 2 days ago27 views

CVE-2026-54763

Traefik (HTTP reverse proxy/load balancer) before versions v2.11.51, v3.6.22, and v3.7.6 allows underscore-variant identity spoofing via BasicAuth, DigestAuth, and ForwardAuth middlewares. These middlewares strip canonical header names but don’t account for underscore-variant headers, letting an ...

10CVSS6AI score0.00272EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago25 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System

Summary Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-35154 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to...

8.8CVSS7.7AI score0.01163EPSS
Exploits0Affected Software2
FreeBSD
FreeBSD
added 2026/06/30 12:0 a.m.3 views

traefik -- Multiple vulnerabilities

The traefik project releases a new version addressing multiple CVEs: CVE-2026-54763 underscore-variant identity spoofing CVE-2026-54764 ForwardAuth middleware leaks X-Forwarded-Port spoofing CVE-2026-54765 Gateway HTTPRoute backendRef filters can leak backend context...

10CVSS5.9AI score0.00427EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/26 11:18 p.m.26 views

pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

Summary Keep build approval for opaque dependency sources byte-exact for GHSA-5wx6-mg75-v57r / CAND-PNPM-123. Merged upstream commit bf1b731ee6 fixed the original name-only approval bypass by making build policy consume the resolved dependency identity. One collision remained: the generic...

8.8CVSS5.8AI score0.00118EPSS
Exploits1References6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:38 p.m.4 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and...

9.8CVSS6.6AI score0.00978EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/23 2:37 p.m.4 views

BIT-APISIX-2026-49231 Apache APISIX: Identity spoofing issue in APISIX opa plugin

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 2:37 p.m.5 views

BIT-APISIX-2026-44046 Apache APISIX: wolf-rbac plugin Identity Spoofing

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

5.8CVSS5.8AI score0.00314EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 2:37 p.m.3 views

BIT-APISIX-2026-39998 Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

8.8CVSS5.8AI score0.00403EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 2:44 p.m.7 views

EUVD-2026-38251

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...

7.4CVSS5.9AI score0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 1:14 p.m.26 views

CVE-2026-49231 Apache APISIX: Identity spoofing issue in APISIX opa plugin

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

2.3CVSS0.00359EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:14 p.m.19 views

CVE-2026-49231

CVE-2026-49231 describes an authentication bypass via spoofed identity headers in the APISIX opa plugin. Affected software: Apache APISIX (versions 3.5.0–3.16.0). Root cause: spoofed headers accepted due to non-default plugin configuration, allowing an attacker to relay identities to an upstream ...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/19 1:11 p.m.32 views

CVE-2026-44087

CVE-2026-44087 affects Apache APISIX via the openid-connect plugin under default configuration. The root cause is insufficient verification of data authenticity, enabling spoofing of identity headers and unauthorized access to protected resources. Affected versions are 2.3 through 3.16.0. The iss...

9.1CVSS5.8AI score0.00213EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/19 1:9 p.m.27 views

CVE-2026-44046

Apache APISIX is affected by CVE-2026-44046 due to a Less Trusted Source issue in the wolf-rbac plugin under default configuration. Affected versions: 1.2.0 through 3.16.0. Exploitation can allow spoofed identity information to be logged and potentially bypass or abuse IP-based access controls. T...

5.8CVSS5.8AI score0.00314EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 1:9 p.m.29 views

CVE-2026-44046 Apache APISIX: wolf-rbac plugin Identity Spoofing

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS0.00314EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-50879

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.12.0 through 3.16.0 Description Improper Input Validation in the forward-auth plugin allows an attacker to spoof identity headers by leveraging specific configurations. Recommendations Upgrade to version 3.17.0...

8.8CVSS5.9AI score0.00403EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 6:17 p.m.11 views

CVE-2026-30799

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

8.1CVSS0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 5:20 p.m.19 views

CVE-2026-30799 Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6.1CVSS0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:20 p.m.8 views

EUVD-2026-37754

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6.1CVSS5.2AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 5:20 p.m.15 views

CVE-2026-30799

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

8.1CVSS5.2AI score0.00268EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 3:22 p.m.14 views

Security Bulletin: IBM WebSphere Application Server is affected by an identity spoofing vulnerability (CVE-2026-8644)

Summary IBM WebSphere Application Server is affected by an identity spoofing vulnerability. Vulnerability Details CVEID:CVE-2026-8644 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. CWE:CWE-290: Authentication Bypass by Spoofing CVSS Source: IBM CVSS...

9.1CVSS5.2AI score0.0033EPSS
Exploits0Affected Software1
Rows per page
Query Builder