Lucene search
K

178 matches found

Nuclei
Nuclei
added yesterday19 views

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

9.1CVSS6.9AI score0.01713EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 3:27 p.m.6 views

BIT-PYTHON-MIN-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.7AI score0.00562EPSS
Exploits0References11
CVE
CVE
added 2026/07/03 8:19 p.m.175 views

CVE-2026-20896

CVE-2026-20896 affects Gitea Docker images up to and including 1.26.2. The root cause is the default setting REVERSE_PROXY_TRUSTED_PROXIES=*, which can let an attacker impersonate a user when reverse-proxy authentication headers (e.g., X-WEBAUTH-USER) are enabled. Several sources document this, i...

9.8CVSS7.1AI score0.00783EPSS
Exploits4References4
CVE
CVE
added 2026/06/24 8:7 p.m.27 views

CVE-2026-25119

Gogs vulnerability CVE-2026-25119: When ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the header (default X-WEBAUTH-USER) from client requests without validating the request came through a trusted reverse proxy, allowing an attacker to impersonate any user or auto-register. Affecte...

8.7CVSS6AI score0.00864EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 8:7 p.m.23 views

CVE-2026-25119 Gogs: Authentication Bypass via Unvalidated Reverse Proxy Headers

Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...

8.7CVSS0.00864EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/19 3:41 p.m.9 views

User Impersonation

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to User Impersonation via insufficient validation of proxy-related HTTP headers. An attacker can spoof client IP addresses, hostnames, or protocols by...

5.3CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/06/18 3:4 p.m.2 views

External Initialization of Trusted Variables or Data Stores

Overview Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores in the installation process when the Forwarded, X-Client-IP, or X-Real-IP headers are set by a reverse proxy. An attacker can gain unauthorized administrative access by remotel...

9.1CVSS5.7AI score0.00545EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-49036

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description An identity header validation issue allows local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply these forged headers...

7.7CVSS5.2AI score0.00102EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.10 views

SUSE SLES15 Security Update : python312 (SUSE-SU-2026:2055-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2055-1 advisory. This update for python312 fixes the following issues - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF...

9.1CVSS6.2AI score0.00579EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.17 views

TencentOS Server 3: python3.12 (TSSA-2026:0389)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0389 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.1CVSS6.9AI score0.01279EPSS
Exploits1References12
OSV
OSV
added 2026/05/25 2:2 p.m.6 views

SUSE-SU-2026:2055-1 Security update for python312

This update for python312 fixes the following issues - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open bsc1262319. - CVE-2026-6019: BaseCookie.jsoutput does not...

9.1CVSS7.8AI score0.00579EPSS
Exploits1References9
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Golang 1.19, Golang 1.23

Proxy-Authorization and Proxy-Authenticate headers remain after cross-origin redirections, potentially exposing sensitive information...

6.8CVSS6.6AI score0.0056EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.11 views

SUSE SLES12 Security Update : python3 (SUSE-SU-2026:1937-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1937-1 advisory. This update for python3 fixes the following issue: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. -...

9.1CVSS7.5AI score0.00579EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.10 views

SUSE SLES15 Security Update : python310 (SUSE-SU-2026:1947-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1947-1 advisory. This update for python310 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validat...

9.1CVSS7.9AI score0.00579EPSS
Exploits1References17
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.21 views

Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS7.1AI score0.01279EPSS
Exploits1References26
OSV
OSV
added 2026/05/19 12:0 a.m.17 views

ALSA-2026:19176 Important: python3.14 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS7.5AI score0.00621EPSS
Exploits0References20
SUSE Linux
SUSE Linux
added 2026/05/18 7:49 a.m.10 views

Security update for python310

This update for python310 fixes the following issues Security issues: CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. CVE-2026-3446: base64 decoding stops at first padded quad by default bsc1261970. CVE-2026-4786: incomplete mitigation of , %action expansion fo...

9.1CVSS7.9AI score0.00579EPSS
Exploits1References22
OSV
OSV
added 2026/05/18 7:49 a.m.12 views

SUSE-SU-2026:1947-1 Security update for python310

This update for python310 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default bsc1261970. - CVE-2026-4786: incomplete mitigation of , %action...

9.1CVSS7.9AI score0.00579EPSS
Exploits1References12
SUSE Linux
SUSE Linux
added 2026/05/18 7:42 a.m.23 views

Security update for python3

This update for python3 fixes the following issue: CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. CVE-2026-4786: URLs prefixe...

9.1CVSS7.4AI score0.00579EPSS
Exploits1References20
OSV
OSV
added 2026/05/18 7:41 a.m.6 views

SUSE-SU-2026:1937-1 Security update for python3

This update for python3 fixes the following issue: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. - CVE-2026-4786: URLs...

9.1CVSS7.3AI score0.00579EPSS
Exploits1References11
Rows per page
Query Builder