10 matches found

RedhatCVE
added 2026/05/08 12:6 p.m., 4 views

CVE-2026-39858

A flaw was found in Traefik. A remote attacker can exploit an authentication bypass vulnerability by injecting spoofed trust context through unsanitized alias headers. This is due to Traefik's forwarded-header sanitization logic not properly handling alias header names that use underscores instea...

CVSS 10 | AI score 5.7 | EPSS 0.00088
Exploits 1 | References 7
AlpineLinux
added 2026/04/30 8:26 p.m., 2 views

CVE-2026-39858

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

CVSS 10 | AI score 5.7 | EPSS 0.00088
Exploits 1 | References 4
CVE
added 2026/04/30 8:26 p.m., 47 views

CVE-2026-39858

Traefik vulnerable to a high-severity authentication bypass via forwarded alias headers. The sanitization logic targets only canonical headers (e.g., X-Forwarded-Proto) and does not strip or normalize alias forms using underscores (e.g., X_Forwarded_Proto). When an auth backend normalizes undersc...

CVSS 10 | AI score 5.3 | EPSS 0.00088
Exploits 1 | References 4 | Affected Software 1
Github Security Blog
added 2026/04/24 4:32 p.m., 6 views

Traefik: Pre-authentication decision bypass due to forwarded alias spoofing

Summary: There is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only canonical header names e.g., X-Forwarded-Proto and does not strip or normalize alias variants that...

CVSS 10 | AI score 5.5 | EPSS 0.00088
Exploits 1 | References 6 | Affected Software 3
NVD
added 2025/12/15 7:15 a.m., 0 views

CVE-2025-14023

LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions...

CVSS 4.3 | EPSS 0.00025
Exploits 0 | References 1
EUVD
added 2025/12/15 6:45 a.m., 2 views

EUVD-2025-203346

LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions...

CVSS 3.1 | AI score 6 | EPSS 0.00025
Exploits 0 | References 2
Cvelist
added 2025/12/15 6:45 a.m., 19 views

CVE-2025-14023

LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions...

CVSS 3.1 | EPSS 0.00025
Exploits 0 | References 1
CVE
added 2025/12/15 6:45 a.m., 5 views

CVE-2025-14023

The CVE-2025-14023 entry maps to a UI spoofing issue in LINE client for iOS versions prior to 15.19. Root cause: inconsistencies between the app’s navigation state and the in-app browser UI, which could confuse users about the trust context of displayed pages or interactive elements. Impact: pote...

CVSS 4.3 | AI score 6.2 | EPSS 0.00025
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2025/12/15 12:0 a.m., 2 views

PT-2025-51207

Name of the Vulnerable Software and Affected Versions: LINE client for iOS versions prior to 15.19. Description: The LINE client for iOS is susceptible to a UI spoofing issue stemming from inconsistencies between the application's navigation state and the user interface of the in-app browser. This...

CVSS 4.3 | AI score 6.3 | EPSS 0.00025
Exploits 0 | References 7
Veracode
added 2024/01/22 7:48 a.m., 17 views

Arbitrary Code Execution

de.tum.in.ase: artemis-java-test-sandbox is vulnerable to Arbitrary Code Execution. The vulnerability is due to missing class sanitization during the creation of special subclasses of type InvocationTargetException. An attacker can execute arbitrary student code in the trusted context...

CVSS 8.2 | AI score 7.5 | EPSS 0.00177
Exploits 1 | References 6 | Affected Software 1