3 matches found
CVE-2026-54588
A flaw was found in Poweradmin, a web-based DNS administration tool. An unauthenticated attacker can exploit this vulnerability by manipulating the HTTPHOST request header. This manipulation allows the attacker to poison the redirecturi used in the OpenID Connect OIDC, Security Assertion Markup...
CVE-2026-34454
OAuth2 Proxy (oauth2-proxy) has a regression introduced in 7.11.0 where the session cookie is not cleared when rendering the sign-in page. This can allow a remaining authenticated session on the browser, particularly for logout flows that rely on the sign-in page. The issue is fixed in 7.15.2. De...
CVE-2026-34454 OAuth2 Proxy: Session cookie not cleared when rendering sign-in page
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...