21 matches found
CVE-2026-48594
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
CVE-2026-41174
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...
GHSA-XHJW-95FP-8VGQ Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding
Summary There is a vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same...
Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding
Summary There is a vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same...
Use of Incorrectly-Resolved Name or Reference
Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...
[SECURITY] Fedora 43 Update: python-aiohttp-3.13.3-4.fc43
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
Malicious code in lp-middlewares (npm)
The package lp-middlewares was found to contain malicious code...
MAL-2025-25620 Malicious code in lp-middlewares (npm)
The package lp-middlewares was found to contain malicious code...
CVE-2025-6669
A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to use of hard-coded cryptographic key . The attack can be initiated remotely. Th...
CVE-2025-32431
CVE-2025-32431 : Traefik is vulnerable when using path-based matchers (PathPrefix, Path, PathRegex). If a request URL contains a trailing path traversal like /../ in the path, an attacker can bypass middleware routing and target a backend exposed via another router. This affects older releases pr...
PT-2025-9199 · Ibc-Go · Ibc-Go
Name of the Vulnerable Software and Affected Versions: IBC-Go versions 7 and later Description: An issue was discovered in IBC-Go's deserialization of acknowledgements, resulting in non-deterministic behavior that can halt a chain. Any user who can open an IBC channel can introduce this state to...
Fedora: Security Advisory (FEDORA-2024-e0057e6044)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f34786d26f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-JM3V-QXMH-HXWV Scrapy's redirects ignoring scheme-specific proxy settings
Impact When using system proxy settings, which are scheme-specific i.e. specific to http:// or https:// URLs, Scrapy was not accounting for scheme changes during redirects. For example, an HTTP request would use the proxy configured for HTTP and, when redirected to an HTTPS URL, the new HTTPS...
[SECURITY] Fedora 38 Update: python-aiohttp-3.9.1-1.fc38
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
[SECURITY] Fedora 39 Update: python-aiohttp-3.8.6-1.fc39
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
[SECURITY] Fedora 38 Update: python-aiohttp-3.8.6-1.fc38
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
[SECURITY] Fedora 37 Update: python-aiohttp-3.8.5-1.fc37
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
[SECURITY] Fedora 38 Update: python-aiohttp-3.8.5-1.fc38
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
Race condition allowing privilege escalation
Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patche...