Lucene search
K

149 matches found

OSV
OSV
added 4 days ago1 views

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

6.8CVSS6.1AI score0.00341EPSS
Exploits1References8
CVE
CVE
added 4 days ago11 views

CVE-2026-57216

CVE-2026-57216 affects RabbitMQ server prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The issue occurs when authentication via AMQP 0-9-1, AMQP 1.0, or Stream Protocol allows a loopback-restricted user (e.g., guest) to connect remotely if traffic is accepted through a trusted PROXY-protoco...

10CVSS6.1AI score0.00341EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57301

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description Authentication for AMQP 0-9-1, AMQP 1.0, and Stream Protocol allows a loopback-restricted user,...

10CVSS6.1AI score0.00341EPSS
Exploits1References11
OSV
OSV
added 2026/07/02 4:43 p.m.11 views

GHSA-QJPC-QF9M-XWMR OpenClaw: Trusted-proxy Control UI WebSocket accepted client-declared scopes before pairing

Summary In trusted-proxy Control UI mode, OpenClaw accepted a WebSocket client's declared operator scopes before those scopes were bound to a server-approved pairing or trusted-proxy authorization baseline. This issue affects trusted-proxy Control UI deployments. It does not apply to shared-secre...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:3 p.m.8 views

GHSA-RGGC-M335-3WVJ OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers

Summary Same-host trusted-proxy deployments could accept local forged identity headers. In affected versions, a local same-host caller that can reach the proxy-facing Gateway port could supply identity headers normally reserved for the trusted proxy. This advisory is scoped to the named feature a...

7.7CVSS6AI score0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 8:7 p.m.23 views

CVE-2026-25119 Gogs: Authentication Bypass via Unvalidated Reverse Proxy Headers

Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...

8.7CVSS0.00864EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/22 4:29 p.m.20 views

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default...

6.2AI score
Exploits0
Snyk
Snyk
added 2026/06/12 11:9 p.m.6 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the trusted-proxy Control UI WebSocket process. An attacker can gain unauthorized administrative privileges by connecting as an unpaired or restricted client and...

8.8CVSS5.9AI score0.00289EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 p.m.18 views

CVE-2026-53832

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...

7.7CVSS0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.34 views

CVE-2026-53832 OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...

7.7CVSS0.00102EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.8 views

CVE-2026-53832 OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...

7.7CVSS5.2AI score0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.21 views

CVE-2026-53832

CVE-2026-53832 affects OpenClaw prior to 2026.5.18. The issue is an identity header validation flaw that lets local, same-host callers forge trusted-proxy identity headers, enabling them to assume operator identity and potentially escalate privileges when they have access to the proxy-facing Gate...

7.7CVSS5.3AI score0.00102EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/12 9:56 p.m.32 views

CVE-2026-53821

OpenClaw is affected: prior to 2026.5.18, WebSocket control UI accepts client-declared operator scopes before server-approved pairing/trusted-proxy binding. This enables unpaired/restricted trusted-proxy Control UI clients to obtain cached operator.admin authority on live WebSocket connections an...

8.8CVSS5.5AI score0.00289EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.33 views

CVE-2026-53821 OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...

8.8CVSS0.00289EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.9 views

CVE-2026-53821 OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...

8.8CVSS5.4AI score0.00289EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49025

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...

8.8CVSS5.5AI score0.00289EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/11 12:0 a.m.7 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source. Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded request headers it receives from untrusted proxies to downstream services. Both the WebFlux and WebMVC Gateway Servers process these...

8.6CVSS5.4AI score0.00139EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 12:0 a.m.8 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source. Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded request headers it receives from untrusted proxies to downstream services. Both the WebFlux and WebMVC Gateway Servers process these...

8.6CVSS5.4AI score0.00139EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 5:45 p.m.25 views

CVE-2026-44649

SillyTavern) vulnerability (CVE-2026-44649) affects SillyTavern before version 1.18.0 where header-based SSO authentication can be bypassed. The root cause is lack of validation that Remote-User (Authelia) and X-Authentik-Username (Authentik) headers originate from a trusted reverse proxy. The lo...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

cpp-httplib 代码问题漏洞

cpp-httplib is a C++ library developed by Yhirose, designed for HTTP/HTTPS servers and clients. Versions of cpp-httplib prior to 0.44.0 contained code vulnerabilities. These vulnerabilities occurred when the server had a non-empty trusted proxy list; attackers could send HTTP requests with the...

8.7CVSS5.9AI score0.00327EPSS
Exploits1References1
Rows per page
Query Builder