Lucene search
58 matches found

CVE | added yesterday | 15 views

CVE-2026-20896

CVE-2026-20896 affects Gitea Docker images up to and including 1.26.2. The root cause is the default setting REVERSE_PROXY_TRUSTED_PROXIES=*, which can let an attacker impersonate a user when reverse-proxy authentication headers (e.g., X-WEBAUTH-USER) are enabled. Several sources document this, i...

CVSS 9.8 | AI score 7.1
Exploits: 2 | References: 4
SUSE CVE | added 2026/06/02 1:37 a.m. | 18 views

SUSE CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00327
Exploits: 1 | References: 3
Redhat CVE | added 2026/06/01 1:19 p.m. | 9 views

CVE-2026-46527

A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. When a server using cpp-httplib has configured trusted proxies, a remote attacker can send a specially crafted HTTP request with a malformed X-Forwarded-For header. This can lead to undefined behavior, resulting in abnormal process...

CVSS 8.7 | AI score 5.8 | EPSS 0.00327
Exploits: 1 | References: 2
Tenable Nessus | added 2026/05/30 12:00 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a...

CVSS 8.7 | AI score 5.4 | EPSS 0.00327
Exploits: 1 | References: 3
Github Security Blog | added 2026/05/29 9:32 p.m. | 26 views

Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification

Description: The Twilio SMS notifier bridge ships a webhook request parser used to authenticate and decode the status callbacks Twilio POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...

AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 6 | Affected Software: 2
OSV | added 2026/05/29 9:32 p.m. | 20 views

GHSA-55RJ-X2VC-4WHQ Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification

Description: The Twilio SMS notifier bridge ships a webhook request parser used to authenticate and decode the status callbacks Twilio POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...

CVSS 8.2 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 6
Snyk | added 2026/05/29 9:14 p.m. | 8 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the get_client_ip function when the server is configured with trusted proxies and receives a specially crafted X-Forwarded-For header that parses to no valid IP segments. An attacker can cause abnormal process...

CVSS 8.7 | AI score 5.8 | EPSS 0.00327
Exploits: 1 | References: 2
NVD | added 2026/05/29 8:16 p.m. | 21 views

CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVSS 8.7 | EPSS 0.00327
Exploits: 1 | References: 1
OSV | added 2026/05/29 8:16 p.m. | 9 views

DEBIAN-CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00327
Exploits: 1 | References: 1
OSV | added 2026/05/29 8:16 p.m. | 9 views

UBUNTU-CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00327
Exploits: 1 | References: 3
EUVD | added 2026/05/29 7:18 p.m. | 11 views

EUVD-2026-33426

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00327
Exploits: 1 | References: 1
Vulnrichment | added 2026/05/29 7:18 p.m. | 11 views

CVE-2026-46527 cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00327
Exploits: 1 | References: 1
Cvelist | added 2026/05/29 7:18 p.m. | 39 views

CVE-2026-46527 cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVSS 8.7 | EPSS 0.00327
Exploits: 1 | References: 1
Debian CVE | added 2026/05/29 7:18 p.m. | 15 views

CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00327
Exploits: 1
ATTACKERKB | added 2026/05/29 7:18 p.m. | 10 views

CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00327
Exploits: 1 | References: 2 | Affected Software: 1
CVE | added 2026/05/29 7:18 p.m. | 28 views

CVE-2026-46527

cpp-httplib (C++11 header-only library) before 0.44.0 is vulnerable when Server::set_trusted_proxies() is used with a non-empty trusted-proxy list. An attacker can send an HTTP request with an X-Forwarded-For header that parses to no valid IP segments. The code path then calls get_client_ip(), wh...

CVSS 8.7 | AI score 5.7 | EPSS 0.00327
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies | added 2026/05/29 12:00 a.m. | 11 views

PT-2026-44991

Name of the Vulnerable Software and Affected Versions: cpp-httplib versions prior to 0.44.0. Description: A denial of service occurs when the server uses the set_trusted_proxies function with a non-empty trusted-proxy list. An attacker can send an HTTP request containing an X-Forwarded-For header wi...

CVSS 8.7 | AI score 5.2 | EPSS 0.00327
Exploits: 1 | References: 13
Github Security Blog | added 2026/05/19 8:29 p.m. | 14 views

Caddy Defender trusted proxy client IP bypass

Impact: Caddy Defender used r.RemoteAddr when evaluating whether a request should be blocked. RemoteAddr is the address of the immediate peer connected to Caddy. In deployments where Caddy is behind a trusted proxy, CDN, or load balancer, the immediate peer is usually the proxy, not the original...

AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 3 | Affected Software: 1
OSV | added 2026/05/19 8:29 p.m. | 4 views

GHSA-3H23-RRPC-3P87 Caddy Defender trusted proxy client IP bypass

Impact: Caddy Defender used r.RemoteAddr when evaluating whether a request should be blocked. RemoteAddr is the address of the immediate peer connected to Caddy. In deployments where Caddy is behind a trusted proxy, CDN, or load balancer, the immediate peer is usually the proxy, not the original...

CVSS 8.2 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 3
Positive Technologies | added 2026/05/19 12:00 a.m. | 10 views

PT-2026-42048

Name of the Vulnerable Software and Affected Versions: Caddy Defender versions prior to 0.10.1. Description: The software incorrectly used r.RemoteAddr to evaluate whether a request should be blocked. In environments where Caddy is positioned behind a trusted proxy, CDN, or load balancer, RemoteAddr...

CVSS 8.2 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 5
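The three trusted-proxy results above (cpp-httplib CVE-2026-46527, Gitea's REVERSE_PROXY_TRUSTED_PROXIES=* default, and the Caddy Defender RemoteAddr bypass) are three ways of getting the same small routine wrong: resolving the real client address behind a proxy. The following is an added example written for this page; it is not code from cpp-httplib, Gitea or Caddy, and it uses its own simplified IP syntax check, exact-string matching of trusted proxies, and a literal "*" wildcard as a stand-in for an "every peer is a proxy" setting. It shows the unchecked front() pattern beside a hardened resolver that never indexes an empty header and only honours the header when the socket peer is a configured proxy.

```cpp
// Added example (not cpp-httplib, Gitea or Caddy code): a small client-IP
// resolver that shows why an X-Forwarded-For header must be validated before
// it is indexed, and what a wildcard trusted-proxy list does.
#include <algorithm>
#include <cctype>
#include <sstream>
#include <string>
#include <vector>

// Trim ASCII spaces and tabs from both ends.
static std::string trim(const std::string &s) {
  std::string::size_type b = s.find_first_not_of(" \t");
  if (b == std::string::npos) return "";
  std::string::size_type e = s.find_last_not_of(" \t");
  return s.substr(b, e - b + 1);
}

// Simplified syntax check (an assumption of this example, not a full parser):
// a dotted-quad IPv4 literal, or a colon-separated hex IPv6 literal.
static bool looks_like_ip(const std::string &s) {
  if (s.empty()) return false;
  if (s.find(':') != std::string::npos) {
    return std::all_of(s.begin(), s.end(), [](unsigned char c) {
      return std::isxdigit(c) || c == ':' || c == '.';
    });
  }
  int octets = 0;
  std::stringstream ss(s);
  std::string part;
  while (std::getline(ss, part, '.')) {
    bool digits = !part.empty() && part.size() <= 3 &&
                  std::all_of(part.begin(), part.end(),
                              [](unsigned char c) { return std::isdigit(c); });
    if (!digits || std::stoi(part) > 255) return false;
    ++octets;
  }
  return octets == 4;
}

// Split X-Forwarded-For on commas and keep only entries that parse as an IP.
// A header such as "not-an-ip, , ???" yields an empty vector.
std::vector<std::string> parse_xff(const std::string &header) {
  std::vector<std::string> hops;
  std::stringstream ss(header);
  std::string item;
  while (std::getline(ss, item, ',')) {
    item = trim(item);
    if (looks_like_ip(item)) hops.push_back(item);
  }
  return hops;
}

// The flawed pattern: once a trusted-proxy list is configured, the code assumes
// the header holds at least one usable address. front() on an empty vector is
// undefined behaviour, which is the crash class described for CVE-2026-46527.
std::string client_ip_unchecked(const std::string &remote_addr,
                                const std::vector<std::string> &trusted,
                                const std::string &xff) {
  if (trusted.empty() || xff.empty()) return remote_addr;
  std::vector<std::string> hops = parse_xff(xff);
  return hops.front();  // never call this on a header that parses to nothing
}

// Hardened variant. Entries in `trusted` are matched as exact strings; the
// literal "*" is this example's stand-in for an "everyone is a proxy" setting
// such as Gitea's REVERSE_PROXY_TRUSTED_PROXIES=* default.
std::string client_ip_hardened(const std::string &remote_addr,
                               const std::vector<std::string> &trusted,
                               const std::string &xff) {
  auto listed = [&](const std::string &ip) {
    return std::find(trusted.begin(), trusted.end(), ip) != trusted.end();
  };
  // Only honour the header if the socket peer is a configured proxy. Returning
  // the socket address here is correct; using it unconditionally (the Caddy
  // Defender bug) makes every proxied request look like the proxy itself.
  bool peer_trusted = listed("*") || listed(remote_addr);
  if (trusted.empty() || xff.empty() || !peer_trusted) return remote_addr;
  std::vector<std::string> hops = parse_xff(xff);
  // Walk right to left past the proxies we control; the first unlisted address
  // is the client. With "*" configured, a direct client can put anything here
  // and it is believed, which is why that default is dangerous.
  for (auto it = hops.rbegin(); it != hops.rend(); ++it)
    if (!listed(*it)) return *it;
  return remote_addr;  // empty or all-trusted header: fall back, never index
}
```

Compile with any C++11 compiler. The interesting inputs are a header that parses to no addresses (the hardened resolver falls back to the socket address instead of calling front()), a legitimate chain like "203.0.113.7, 10.0.0.1" arriving from proxy 10.0.0.1 (resolves to 203.0.113.7), and the same header arriving directly from an untrusted peer (ignored) versus arriving under the "*" wildcard (believed, so the caller controls the result).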