Lucene search
+L

1943 matches found

EUVD
EUVD
added 2026/04/14 10:31 p.m.5 views

EUVD-2026-22761

OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in authrequest Mode...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 10:31 p.m.18 views

OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: - OAuth2 Proxy is used with an authrequest-style integration for example, nginx authrequest - --ping-user-agent is set or --gcp-healthchecks is enabled In...

9.1CVSS5.9AI score0.00475EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/04/14 10:31 p.m.5 views

GHSA-5HVV-M4W4-GF6V OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: - OAuth2 Proxy is used with an authrequest-style integration for example, nginx authrequest - --ping-user-agent is set or --gcp-healthchecks is enabled In...

9.1CVSS5.9AI score0.00475EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/14 10:14 p.m.20 views

CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS0.00475EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 10:14 p.m.3 views

CVE-2026-34457

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 10:14 p.m.3 views

CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 10:14 p.m.20 views

CVE-2026-34457

CVE-2026-34457 affects OAuth2 Proxy prior to 7.15.2. In deployments using an auth_request-style integration (e.g., nginx auth_request) with either --ping-user-agent or --gcp-healthchecks enabled, any request bearing the configured health-check User-Agent is treated as authenticated, bypassing log...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/14 10:14 p.m.3 views

CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS6AI score0.00475EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/04/14 9:17 a.m.113 views

ai-pentest-agent

🔐 AI Pentest Agent v4 Automated web application penetration...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32955

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variab...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-22675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary...

6.1CVSS6.1AI score0.00218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.6 views

CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 12:30 a.m.20 views

EUVD-2026-19484

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

5.4CVSS6.2AI score0.00218EPSS
Exploits0References4
OSV
OSV
added 2026/04/06 10:16 p.m.3 views

DEBIAN-CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00218EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/06 10:16 p.m.3 views

CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00218EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:19 p.m.3 views

CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00218EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/06 9:19 p.m.2 views

CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

5.4CVSS6AI score0.00218EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/06 9:19 p.m.27 views

CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

5.4CVSS0.00218EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/06 9:19 p.m.8 views

CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00218EPSS
Exploits0
OSV
OSV
added 2026/04/06 9:19 p.m.4 views

CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

5.1CVSS6.2AI score0.00218EPSS
Exploits0References6
Rows per page
Query Builder