
9 matches found

Vulnrichment
added 2026/02/12 8:1 p.m. | 2 views

CVE-2026-25949 Traefik: TCP readTimeout bypass via STARTTLS on Postgres

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...

CVSS 7.5 | AI score 5.6 | EPSS 0.00019
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-1095

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.8 | EPSS 0.01018
Exploits: 0 | References: 7
RedhatCVE
added 2024/04/14 2:50 p.m. | 21 views

CVE-2024-28869

An improper handling of exceptional conditions vulnerability was found in Traefik. In affected versions, sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration, resulting in a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.01018
Exploits: 0 | References: 5
OSV
added 2024/04/12 9:8 p.m. | 19 views

CVE-2024-28869 Possible denial of service vulnerability with Content-length header in Traefik

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of...

CVSS 7.5 | AI score 6.5 | EPSS 0.01018
Exploits: 0 | References: 7
Vulnrichment
added 2024/04/12 9:8 p.m. | 19 views

CVE-2024-28869 Possible denial of service vulnerability with Content-length header in Traefik

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of...

CVSS 7.5 | AI score 7 | EPSS 0.01018
Exploits: 0 | References: 5
CVE
added 2024/04/12 9:8 p.m. | 306 views

CVE-2024-28869

Technical details about CVE-2024-28869 are not publicly available in the provided Connected documents. The initial description lists vulnerable Traefik versions and fixes, but no additional technical specifics or exploit information are present here. Monitor for updates.

CVSS 7.5 | AI score 7.2 | EPSS 0.01018
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2024/04/12 5:5 p.m. | 20 views

GHSA-4VWX-54MW-VQFW Traefik vulnerable to denial of service with Content-length header

There is a potential vulnerability in Traefik managing requests with Content-length and no body. Sending a GET request to any Traefik endpoint with the Content-length request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to...

CVSS 7.5 | AI score 7.3 | EPSS 0.01018
Exploits: 0 | References: 7
Github Security Blog
added 2024/04/12 5:5 p.m. | 26 views

Traefik vulnerable to denial of service with Content-length header

There is a potential vulnerability in Traefik managing requests with Content-length and no body. Sending a GET request to any Traefik endpoint with the Content-length request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to...

CVSS 7.5 | AI score 6.9 | EPSS 0.01018
Exploits: 0 | References: 7 | Affected Software: 3
Packet Storm
added 2023/04/06 12:0 a.m. | 206 views

EasyNas 1.1.0 Command Injection

Exploit Title: EasyNas 1.1.0 - OS Command Injection Date: 2023-02-9 Exploit Author: Ivan Spiridonov [email protected] Author Blog: https://xbz0n.medium.com Version: 1.0.0 Vendor home page : https://www.easynas.org Authentication Required: Yes CVE : CVE-2023-0830 !/usr/bin/python3 import...

CVSS 8.8 | AI score 8.8 | EPSS 0.38532
Exploits: 5