Lucene search
K

57 matches found

OSV
OSV
added 6 days ago8 views

CVE-2026-55430 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

5.8CVSS6AI score0.00208EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56084

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The dashboard login rate limiter derives client identity from the X-Forwarded-For HTTP header, which is controlled by the user. When the application is directly exposed or deployed behind a reverse...

7.3CVSS6.2AI score0.00515EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:7 p.m.7 views

CVE-2026-25119

Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...

8.7CVSS6AI score0.00864EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45799

Name of the Vulnerable Software and Affected Versions React Router versions 7.5.1 through 7.13.1 Description When using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS—a vulnerability where malicious scripts...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: cryptacular (UTSA-2026-016656)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016656 advisory. CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode...

7.5CVSS6.9AI score0.03334EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/09 7:43 p.m.42 views

CVE-2026-42606 AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

8.1CVSS0.00476EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/09 7:43 p.m.7 views

CVE-2026-42606 AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

8.1CVSS5.8AI score0.00476EPSS
Exploits1References3
CVE
CVE
added 2026/05/09 7:43 p.m.28 views

CVE-2026-42606

CVE-2026-42606 (AzuraCast) : The vulnerability arises from the ApplyXForwarded middleware unconditionally trusting the client-supplied X-Forwarded-Host header with no trusted-proxy allowlist, allowing an unauthenticated attacker to poison the password-reset URL during forgot-password flow. The at...

8.8CVSS5.8AI score0.00476EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/05 3:9 p.m.9 views

CVE-2026-40685

A flaw was found in Exim. When JSON lookup is enabled, a remote attacker can send specially crafted malformed JSON in an untrusted header, leading to an out-of-bounds heap write. This issue, caused by an incorrect implementation of backslash skipping, can result in a denial of service...

9.8CVSS6AI score0.00321EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/04 9:17 p.m.16 views

AzuraCast has Password Reset Poisoning via Untrusted X-Forwarded-Host Header that Leads to Account Takeover and 2FA Bypass

Summary The ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to any user by injecting this header when triggering the forgot-password flow. When th...

8.8CVSS5.9AI score0.00476EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/04 9:17 p.m.7 views

GHSA-GV7R-3MR9-H5X8 AzuraCast has Password Reset Poisoning via Untrusted X-Forwarded-Host Header that Leads to Account Takeover and 2FA Bypass

Summary The ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to any user by injecting this header when triggering the forgot-password flow. When th...

8.1CVSS5.9AI score0.00476EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.4 views

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/30 12:0 a.m.5 views

EUVD-2026-26443

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

6.5CVSS5.1AI score0.00321EPSS
Exploits0References4
CVE
CVE
added 2026/04/30 12:0 a.m.63 views

CVE-2026-40685

Exim before 4.99.2 is affected when JSON lookup is enabled. An out-of-bounds heap write can occur if a JSON operator encounters malformed JSON in an untrusted header, caused by an incorrect implementation of the JSON skipping logic. CVSS v3.1 metrics indicate a high-severity, remote-execution-lik...

9.8CVSS5.1AI score0.00321EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.11 views

PT-2026-36196

Name of the Vulnerable Software and Affected Versions Exim versions prior to 4.99.2 Description An out-of-bounds heap write can occur when JSON lookup is enabled. This happens when a JSON operator encounters malformed JSON in an untrusted header due to an incorrect implementation of backslash...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References28
Github Security Blog
Github Security Blog
added 2026/04/16 1:20 a.m.7 views

pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

Summary The setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted proxy, then mutates the global Flask configuration SESSIONCOOKIESECURE on every request...

4.8CVSS5.8AI score0.00171EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 6:11 p.m.3 views

CVE-2026-34720 Zammad has an origin validation error in SSO mechanism

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

2.3CVSS5.9AI score0.001EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/02 8:35 p.m.10 views

Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect

Summary Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex...

7.5CVSS5.8AI score0.00209EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.5 views

CVE-2026-34240

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 3:44 p.m.30 views

CVE-2026-34240

Summary : CVE-2026-34240 affects the JOSE JavaScript library. Prior to 0.3.5+1, an unauthenticated, remote attacker could forge valid JWS/JWT tokens by embedding an attacker-controlled public key in the JOSE header (jwk) and exploiting header-provided keys as verification candidates even if not p...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder