Lucene search
+L

13 matches found

NVD
NVD
added 3 days ago11 views

CVE-2026-62314

Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. From 1.22.0 until 1.26.0-pre1, lib/policy/checker.go PathChecker.Check trusted the client-controlled X-Original-URI header before matching r.URL.Path, allowing an HTTP...

5.8CVSS0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-62314 Anubis: Policy bypass via client controlled X-Original-URI header

Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. From 1.22.0 until 1.26.0-pre1, lib/policy/checker.go PathChecker.Check trusted the client-controlled X-Original-URI header before matching r.URL.Path, allowing an HTTP...

5.8CVSS0.0027EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-62314 Anubis: Policy bypass via client controlled X-Original-URI header

Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. From 1.22.0 until 1.26.0-pre1, lib/policy/checker.go PathChecker.Check trusted the client-controlled X-Original-URI header before matching r.URL.Path, allowing an HTTP...

5.8CVSS6.1AI score0.0027EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/22 12:8 a.m.5 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

9.1CVSS5.4AI score0.00477EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 12:8 a.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

9.1CVSS5.4AI score0.00477EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 12:8 a.m.5 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

9.1CVSS5.4AI score0.00477EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 12:8 a.m.7 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

9.1CVSS5.4AI score0.00477EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 11:20 p.m.33 views

CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS0.00477EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:20 p.m.5 views

CVE-2026-40575

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00477EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/15 7:21 p.m.4 views

GHSA-7X63-XV5R-3P2X OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: OAuth2 Proxy is configured with --reverse-proxy and at least one rule is defined with --skipauthroutes or the legacy --skip-auth-regex OAuth2 Proxy may trust...

9.1CVSS5.9AI score0.00477EPSS
Exploits0References3
OSV
OSV
added 2021/11/25 3:15 p.m.3 views

DEBIAN-CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

9.8CVSS9.2AI score0.28983EPSS
Exploits1References1
OSV
OSV
added 2021/11/25 3:15 p.m.5 views

UBUNTU-CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

9.8CVSS6.2AI score0.28983EPSS
Exploits1References4
OSV
OSV
added 2019/10/06 2:15 p.m.7 views

CVE-2019-17213

The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header...

6.1CVSS6.4AI score0.01155EPSS
Exploits1References2
Rows per page
Query Builder