Lucene search
+L

652 matches found

CVE
CVE
added 2026/04/21 11:54 p.m.14 views

CVE-2026-41136

The CVE-2026-41136 issue affects free5GC AMF prior to 1.4.3: the HTTPUEContextTransfer handler in internal/sbi/api_communication.go does not handle an unsupported Content-Type with a default case, causing deserialization to be skipped and an uninitialized UeContextTransferRequest to be processed....

6.9CVSS5.8AI score0.00282EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2026/04/21 11:20 p.m.33 views

CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS0.00477EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:20 p.m.5 views

CVE-2026-40575

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 11:20 p.m.4 views

CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 11:20 p.m.21 views

CVE-2026-40575

OAuth2 Proxy versions 7.5.0–7.15.1 can trust a client-supplied X-Forwarded-Uri when --reverse-proxy and at least one --skip-auth-regex/--skip-auth-route are configured, enabling header spoofing that makes authentication rules run against a different path. This can let an unauthenticated attacker ...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/21 11:20 p.m.10 views

EUVD-2026-24557

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 11:20 p.m.6 views

CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS6AI score0.00477EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:17 p.m.8 views

CVE-2026-41059

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS5.7AI score0.00275EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/21 11:17 p.m.30 views

CVE-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 11:17 p.m.6 views

EUVD-2026-24559

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS5.7AI score0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 11:17 p.m.2 views

CVE-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS5.7AI score0.00275EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 11:17 p.m.3 views

CVE-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS5.9AI score0.00275EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 11:17 p.m.76 views

CVE-2026-41059

The CVE concerns OAuth2 Proxy (versions 7.5.0–7.15.1) where a configuration-driven authentication bypass can occur due to patterns in skip_auth_routes or legacy skip_auth_regex. Attacks are possible when attacker-controlled suffixes widen patterns (for example, ^/foo/.*/bar$) so that a # in the p...

8.2CVSS5.7AI score0.00275EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 9:18 p.m.3 views

CVE-2026-40946 Oxia: OIDC token audience validation bypass via SkipClientIDCheck

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience aud claim validation at the library level. This allows tokens issued for unrelate...

9.2CVSS5.7AI score0.00255EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.13 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007022)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007022 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not compare internal table flags on updates Restore skipping transaction ...

7.8CVSS6.8AI score0.00263EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013148)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013148 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not compare internal table flags on updates Restore skipping transaction ...

7.8CVSS6.8AI score0.00263EPSS
Exploits0References4
OSV
OSV
added 2026/04/15 7:24 p.m.7 views

GHSA-PXQ7-H93F-9JRG OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex Use of patterns that can be widened by attacker-controlled suffixes, such as ^/foo/./bar$ causing potential...

8.2CVSS5.8AI score0.00275EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/15 7:24 p.m.17 views

OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex Use of patterns that can be widened by attacker-controlled suffixes, such as ^/foo/./bar$ causing potential...

8.2CVSS5.8AI score0.00275EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/15 7:21 p.m.5 views

GHSA-7X63-XV5R-3P2X OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: OAuth2 Proxy is configured with --reverse-proxy and at least one rule is defined with --skipauthroutes or the legacy --skip-auth-regex OAuth2 Proxy may trust...

9.1CVSS5.9AI score0.00477EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/15 7:21 p.m.11 views

OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: OAuth2 Proxy is configured with --reverse-proxy and at least one rule is defined with --skipauthroutes or the legacy --skip-auth-regex OAuth2 Proxy may trust...

9.1CVSS5.9AI score0.00477EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder