CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

EUVD-2026-24477

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

frp 授权问题漏洞

FRP is an internal penetration reverse proxy tool developed by Fatedier’s developers. Versions of FRP from 0.43.0 to 0.68.0 have vulnerabilities related to authorization. These vulnerabilities arise from using routeByHTTPUser for access control. In this scenario, the HTTP vhost routing path...

BIT-AUTHENTIK-2026-25748 authentik has a forward authentication bypass with broken cookie

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...

GHSA-7X63-XV5R-3P2X OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: OAuth2 Proxy is configured with --reverse-proxy and at least one rule is defined with --skipauthroutes or the legacy --skip-auth-regex OAuth2 Proxy may trust...

OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: OAuth2 Proxy is configured with --reverse-proxy and at least one rule is defined with --skipauthroutes or the legacy --skip-auth-regex OAuth2 Proxy may trust...

PT-2026-33224

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass occurs when OAuth2 Proxy is configured with --reverse-proxy and has at least one rule defined using --skip auth routes or --skip-auth-regex. In...

reverse_proxy_logger_xss

No d...

EUVD-2026-19998

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are...

CVE-2026-1343

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are...

CVE-2026-1343 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are...

CVE-2026-1343

CVE-2026-1343 affects IBM Verify Identity Access Container (11.0–11.0.2), IBM Security Verify Access Container (10.0–10.0.9.1), IBM Verify Identity Access (11.0–11.0.2), and IBM Security Verify Access (10.0–10.0.9.1). The issue allows an attacker to contact internal authentication endpoints prote...

CVE-2026-1343 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are...

PT-2026-31053

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are...

IBM多款产品 代码问题漏洞

IBM Security Verify Access ISAM is a product of the American multinational company International Business Machines IBM. IBM Security Verify Access is a service that enhances user access security. IBM Verify Identity Access Container is a containerized software that provides authentication and...

Java-SDK has a DNS Rebinding Vulnerability

Summary The java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they wer...

CLEANSTART-2026-AJ47488 When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11

Multiple security vulnerabilities affect the tomcat10 package. When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11. See references for individual vulnerability detail...

CVE-2026-35390 Content-Security-Policy was set to Report-Only mode, failing to block XSS attacks

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy proxy.ts set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting XSS attacks were logged but not blocked...

JupyterHub Has An Open Redirect Vulnerability

Affected Version JupyterHub = 5.4.3 Impact An open redirect vulnerability in JupyterHub =5.4.3 allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a...

Open Redirect

Overview jupyterhub is a JupyterHub: A multi-user server for Jupyter notebooks Affected versions of this package are vulnerable to Open Redirect via the login page. An attacker can redirect users to an external site by crafting a malicious link that, when followed, causes the user to be sent to a...