Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41181

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. The errors custom error pages middleware can inadvertently expose end-user credentials. When a backend returns a response matching a configured status range, the middleware forwards the original request's complete header set,...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References7
NVD
NVD
added 2026/05/15 5:16 p.m.34 views

CVE-2026-41181

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

6.9CVSS0.00445EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/15 4:27 p.m.9 views

CVE-2026-41181 Traefik: Errors middleware forwards Authorization and Cookie headers to separate error page service

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References4
CVE
CVE
added 2026/05/15 4:27 p.m.28 views

CVE-2026-41181

CVE-2026-41181 affects Traefik before 2.11.44, 3.6.15, and 3.7.0-rc.3. The information disclosure stems from the errors middleware in which, when a response matches a configured status range, the middleware forwards the full request header set (including Authorization and Cookies) to the separate...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:27 p.m.7 views

CVE-2026-41181

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/04 7:26 p.m.15 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:26 p.m.7 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:26 p.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 7:26 p.m.6 views

GHSA-P6HG-QH38-555R Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service

Summary There is a medium severity information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the original request's complete header set, including Authorization, Cookie,...

6.9CVSS5.9AI score0.00445EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-37111

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.44 Traefik versions prior to 3.6.15 Traefik versions prior to 3.7.0-rc.3 Description An information disclosure issue exists in the errors custom error pages middleware. When a backend returns a response matching...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References10
NVD
NVD
added 2025/12/02 8:15 p.m.6 views

CVE-2025-65877

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...

7.5CVSS0.00261EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2014/01/21 12:0 a.m.12 views

Oracle WebCenter Portal Page Service Subcomponent Unspecified Information Disclosure

Binary data oraclewebcenterportalcve20135869.nbin...

5CVSS7.3AI score0.02348EPSS
Exploits0References2
NVD
NVD
added 2014/01/15 4:11 p.m.18 views

CVE-2013-5869

Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Page Service...

5CVSS5.6AI score0.02348EPSS
Exploits0References6
Prion
Prion
added 2014/01/15 4:11 p.m.13 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Page Service...

5CVSS6.1AI score0.02348EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2014/01/15 12:30 a.m.22 views

CVE-2013-5869

Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Page Service...

5.6AI score0.02348EPSS
Exploits0References6
Rows per page
Query Builder