Lucene search
K

422 matches found

AlpineLinux
AlpineLinux
added 2026/04/30 8:38 p.m.9 views

CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

8.2CVSS5.7AI score0.00767EPSS
Exploits1References4
OSV
OSV
added 2026/04/25 11:30 p.m.5 views

GHSA-3Q34-RX83-R6MQ Heimdall has an authorization bypass via path normalization mismatch

Summary Heimdall performs rule matching on the raw non-normalized request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy can result in heimdall authorizing a request for one path e.g., /user/../admin, or URL-encoded variants...

7.8CVSS5.8AI score0.00368EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/25 11:30 p.m.77 views

Heimdall has an authorization bypass via path normalization mismatch

Summary Heimdall performs rule matching on the raw non-normalized request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy can result in heimdall authorizing a request for one path e.g., /user/../admin, or URL-encoded variants...

7.8CVSS5.4AI score0.00368EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/25 5:48 a.m.8 views

OESA-2026-2013 firebird security update

Firebird is a relational database offering many ANSI SQL standard features that runs on Linux, Windows, MacOS and a variety of Unix platforms. Firebird offers excellent concurrency, high performance, and powerful language support for stored procedures and triggers. It has been used in production...

9.9CVSS6.8AI score0.01133EPSS
Exploits8References10
Snyk
Snyk
added 2026/04/24 4:37 p.m.7 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

9.1CVSS5.5AI score0.00767EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 4:37 p.m.4 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

9.1CVSS5.5AI score0.00767EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/24 4:37 p.m.11 views

Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync

Summary There is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against the decoded URL path but uses the resulting byte length to slice the...

8.6CVSS5.6AI score0.00767EPSS
Exploits1References6Affected Software3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-36179

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.43 Traefik versions prior to 3.6.14 Traefik versions prior to 3.7.0-rc.2 Description An authentication bypass exists in the StripPrefixRegex middleware when used with ForwardAuth, BasicAuth, or DigestAuth. The...

8.5CVSS5.8AI score0.00767EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/04/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during...

8.2CVSS5.8AI score0.00465EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/17 7:35 p.m.5 views

CVE-2026-27890

A flaw was found in Firebird, an open-source relational database management system. An unauthenticated attacker can exploit this by sending specially crafted authentication segments that arrive out of order. This can cause the server to crash, leading to a Denial of Service DoS...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/17 6:14 p.m.4 views

CVE-2026-27890 Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/17 6:14 p.m.36 views

CVE-2026-27890 Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

8.2CVSS0.00465EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.6 views

PT-2026-33476

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT specific data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's gro...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/08 9:50 p.m.10 views

Pretext: Algorithmic Complexity (DoS) in the text analysis phase

isRepeatedSingleCharRun in src/analysis.ts line 285 re-scans the entire accumulated segment on every merge iteration during text analysis, producing On² total work for input consisting of repeated identical punctuation characters. An attacker who controls text passed to prepare can block the main...

5.9AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/31 11:2 p.m.2 views

Prototype Pollution

Overview org.webjars.npm:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying...

8.2CVSS7AI score0.01535EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/29 3:30 p.m.3 views

EUVD-2026-17011

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...

9.8CVSS6AI score0.00406EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.22 views

CVE-2026-32973 OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...

9.8CVSS0.00406EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.6 views

CVE-2026-33868

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

6.1CVSS6AI score0.00515EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/27 7:50 p.m.9 views

EUVD-2026-16783

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

4.3CVSS6AI score0.00515EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.7 views

FileRise 安全漏洞

FileRise is a lightweight, self-hosted web-based file manager developed by Ryan. Versions of FileRise 3.10.0 and earlier have security vulnerabilities, which stem from server-side authorization flaws. These vulnerabilities could allow users to read file segments from other users within the same...

4.3CVSS5.8AI score0.00225EPSS
Exploits1References2
Rows per page
Query Builder