Lucene search
K

33 matches found

Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-55501 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail...

7.3CVSS0.00515EPSS
Exploits0References3
CVE
CVE
added 6 days ago21 views

CVE-2026-55501

The CVE concerns 9router prior to version 0.4.80, where the login rate limiter uses client identity from the attacker-controlled X-Forwarded-For header in src/lib/auth/loginLimiter.js. This allows remote attackers to rotate X-Forwarded-For per attempt, creating a fresh rate-limit bucket each time...

7.3CVSS6.2AI score0.00515EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42726

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS6AI score0.00293EPSS
Exploits0References5
NVD
NVD
added last week8 views

CVE-2026-58122

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS0.00293EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/07/06 9:46 p.m.6 views

9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

Summary The 9router dashboard login rate limiter derives the client identity from the attacker-controlled X-Forwarded-For HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the...

7.3CVSS6AI score0.00515EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/07/06 9:46 p.m.11 views

NPM: 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

NPM: 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.71...

7.3CVSS5.9AI score0.00515EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/07/06 12:0 a.m.6 views

9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

The 9router dashboard login rate limiter derives the client identity from the attacker-controlled X-Forwarded-For HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the X-Forwarded-Fo...

7.3CVSS6AI score0.00515EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/07/02 1:50 p.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation The...

6.9CVSS6AI score0.00455EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:41 a.m.9 views

CVE-2026-6333

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost...

3.5CVSS5.8AI score0.00137EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/30 8:26 p.m.2 views

CVE-2026-35051 Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issu...

7.8CVSS7.1AI score0.00267EPSS
Exploits1References10
Snyk
Snyk
added 2026/04/24 4:31 p.m.5 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 4:31 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
OSV
OSV
added 2026/04/23 8:47 a.m.7 views

BIT-OAUTH2-PROXY-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:20 p.m.5 views

CVE-2026-40575

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/12 4:38 p.m.4 views

GHSA-4CM8-XPFV-JV6F ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation

Summary The email channel authorizes senders based on the parsed From header identity only. If upstream email authentication/enforcement is weak for example, relaxed SPF/DKIM/DMARC handling, an attacker can spoof an allowlisted sender address and have the message treated as trusted input. Details...

6.5CVSS5.9AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/07 5:7 a.m.4 views

CVE-2026-30820 Flowise Authorization Bypass via Spoofed x-request-from Header

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser...

8.7CVSS5.7AI score0.00477EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/06 6:48 p.m.14 views

Flowise has Authorization Bypass via Spoofed x-request-from Header

Summary Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints API key management, credentia...

8.8CVSS5.9AI score0.00477EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/06 6:48 p.m.3 views

GHSA-WVHQ-WP8G-C7VQ Flowise has Authorization Bypass via Spoofed x-request-from Header

Summary Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints API key management, credentia...

8.7CVSS5.9AI score0.00477EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.7 views

PT-2026-23511

Name of the Vulnerable Software and Affected Versions @perfood/couch-auth version 0.26.0 Description A host header injection flaw exists in the mailer component. This allows attackers to obtain reset tokens and potentially take over accounts by manipulating the HTTP Host header. The affected...

9.3CVSS5.8AI score0.00352EPSS
Exploits0References12
Veracode
Veracode
added 2026/01/07 7:35 a.m.8 views

Authorization Bypass

Signal K Server is vulnerable to Authorization Bypass. The vulnerability is due to misleading access request UI and trust of spoofable X-Forwarded-For headers, allowing attackers to impersonate trusted devices and request elevated permissions that administrators may unknowingly approve...

8.8CVSS6.6AI score0.00272EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder