Lucene search
K

14 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-54764

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS0.0029EPSS
Exploits0References3
CVE
CVE
added 3 days ago19 views

CVE-2026-54764

Summary of CVE-2026-54764 : Traefik’s ForwardAuth middleware can leak spoofed port information due to incorrect header handling when trustForwardHeader is false. Before fixes, the middleware derived X-Forwarded-Port from the original incoming request rather than the sanitized forwarded request, a...

6.9CVSS6AI score0.0029EPSS
Exploits0References3Affected Software1
FreeBSD
FreeBSD
added 2026/06/30 12:0 a.m.4 views

traefik -- Multiple vulnerabilities

The traefik project releases a new version addressing multiple CVEs: CVE-2026-54763 underscore-variant identity spoofing CVE-2026-54764 ForwardAuth middleware leaks X-Forwarded-Port spoofing CVE-2026-54765 Gateway HTTPRoute backendRef filters can leak backend context...

10CVSS5.9AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-50266

A flaw was found in OpenStack Neutron. A project manager can exploit this vulnerability by creating or updating a port on a shared network and setting the deviceowner to a specific value. This bypasses default access controls, allowing the project manager to obtain trusted network-service port...

6.6CVSS5.1AI score0.00262EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

pupnp 安全漏洞

Pupnp is an open-source application developed by the Portable SDK for UPnP Devices. It’s a portable SDK for UPnP devices. Versions of Pupnp prior to 1.18.5 contained security vulnerabilities. These vulnerabilities were caused by the atoi function used in parseuri, which led to port truncation and...

6.9CVSS5.8AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.13 views

CVE-2026-25740

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAPNETRAW capability binding to privileged ports, spoofing localho...

5.8CVSS5.8AI score0.00148EPSS
Exploits0References1
OSV
OSV
added 2025/12/30 12:16 p.m.5 views

OESA-2025-2858 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled...

10CVSS7AI score0.00307EPSS
Exploits2References3
OSV
OSV
added 2024/09/18 12:0 a.m.3 views

CVE-2023-28452

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a...

7.5CVSS6.8AI score0.00613EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2021/06/07 12:0 a.m.234 views

Trojan-Dropper.Win32.Googite.a Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ff30fbee3724d80dcb9471c0b553c99a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Googite.a Vulnerability: Unauthenticated Open Proxy Description: Googite malwar...

0.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2018/10/19 4:41 p.m.32 views

Apache Qpid Broker vulnerable to authentication port spoofing

Apache Qpid Broker-J versions 0.18 through 0.32 are vulnerable to authentication port spoofing. When the broker is configured with different authentication providers on different ports, one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to...

9.8CVSS1.9AI score0.06214EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2018/10/19 4:41 p.m.22 views

GHSA-269M-695X-J34P Apache Qpid Broker vulnerable to authentication port spoofing

Apache Qpid Broker-J versions 0.18 through 0.32 are vulnerable to authentication port spoofing. When the broker is configured with different authentication providers on different ports, one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to...

9.8CVSS9.7AI score0.06214EPSS
Exploits0References7
Veracode
Veracode
added 2017/12/04 12:52 a.m.24 views

Authentication Port Spoofing

Apache Qpid Broker-J is vulnerable to authentication port spoofing. An attacker can use an HTTP port to trick the library into using an authentication provider which is configured for a different port number referred to as the spoofed port. This becomes a vulnerability when the spoofed port has a...

9.8CVSS9.3AI score0.06214EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2016/01/07 12:0 a.m.5 views

ReadyNet WRT300N-DD devices with firmware spoofing vulnerability

ReadyNet WRT300N-DD devices with firmware is a wireless router product from ReadyNet New Zealand. A spoofing vulnerability exists in ReadyNet WRT300N-DD devices with firmware 1.0.26. Since the devices use the same source port for DNS lookups, a remote attacker could select this number as the...

5.8CVSS6.9AI score0.00984EPSS
Exploits0References1
securityvulns
securityvulns
added 2004/04/14 12:0 a.m.35 views

Multiple linux kernel bugs

/proc/tty/driver/serial kestroke counting information leak, multiple execve problems, multiple STP problems, UDP port spoofing, forwarding table records spoofing. ISO9660 file system buffer overflow...

1.6AI score
Exploits0References4Affected Software1
Rows per page
Query Builder