Lucene search
+L

41 matches found

cve
cve
added 2026/07/09 5:9 p.m.19 views

CVE-2026-59224

Open WebUI vulnerability CVE-2026-59224 affects versions prior to 0.10.0. The issue: in backend/open_webui/routers/terminals.py, the ws_terminal upstream URL is built from an unencoded session_id and appends user_id as a query parameter, enabling query injection to make the terminal backend resol...

8CVSS6AI score0.00286EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/07/03 8:19 p.m.4 views

CVE-2026-20896 Gitea Docker image trusts spoofable reverse-proxy headers by default

Gitea Docker image versions up to and including 1.26.2 use REVERSEPROXYTRUSTEDPROXIES= by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled...

9.8CVSS7.3AI score0.00783EPSS
Exploits5References6
cve
cve
added 2026/07/01 2:25 p.m.20 views

CVE-2026-58399

The CVE affects @acastellon/auth (authentication control for microservices). Versions

8.7CVSS5.8AI score0.00543EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/01 2:25 p.m.34 views

CVE-2026-58399 @acastellon/auth has an authentication bypass via spoofable headers in validateToken()

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for...

8.7CVSS0.00543EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/22 12:0 a.m.17 views

PT-2026-51429

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description When ENABLE REVERSE PROXY AUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originat...

8.7CVSS6AI score0.00864EPSS
Exploits0References10
github
github
added 2026/06/18 5:22 p.m.28 views

@acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

8.7CVSS5.5AI score0.00543EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/06/09 11:48 p.m.40 views

CVE-2026-41726 In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

6.5CVSS0.00289EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 5:45 p.m.12 views

CVE-2026-44649 SillyTavern: Authentication Bypass via SSO Header Injection

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References1
cve
cve
added 2026/05/29 5:45 p.m.27 views

CVE-2026-44649

SillyTavern) vulnerability (CVE-2026-44649) affects SillyTavern before version 1.18.0 where header-based SSO authentication can be bypassed. The root cause is lack of validation that Remote-User (Authelia) and X-Authentik-Username (Authentik) headers originate from a trusted reverse proxy. The lo...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References1
osv
osv
added 2026/05/29 5:45 p.m.3 views

CVE-2026-44649 SillyTavern: Authentication Bypass via SSO Header Injection

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

9.8CVSS6AI score0.00218EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.16 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from automatic login using the Remote-User and X-Authentik-Username HTTP headers, without verifying whether...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References1
github
github
added 2026/05/12 10:23 p.m.35 views

SillyTavern has Authentication Bypass via SSO Header Injection

Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2026/04/21 9:16 p.m.13 views

CVE-2026-40910

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

9.1CVSS0.00269EPSS
Exploits1References1
snyk
snyk
added 2026/04/17 10:30 p.m.5 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the TokenAuthenticator process. An attacker can determine valid usernames by measuring response time differences when submitting authentication requests with the X-AUTH-USER header. Remediation Upgrade kimai/kimai to...

6.3CVSS5.8AI score
Exploits0References2
redhatcve
redhatcve
added 2026/01/21 6:33 a.m.11 views

CVE-2025-14348

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

5.3CVSS5.5AI score0.00268EPSS
Exploits0References1
nvd
nvd
added 2026/01/20 5:16 a.m.5 views

CVE-2025-14348

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

5.3CVSS0.00268EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/01/20 4:35 a.m.3 views

CVE-2025-14348

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

5.3CVSS5.4AI score0.00268EPSS
Exploits0References5
cvelist
cvelist
added 2026/01/20 4:35 a.m.27 views

CVE-2025-14348 weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

5.3CVSS0.00268EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/01/20 12:0 a.m.11 views

PT-2026-3535

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

5.3CVSS5.5AI score0.00268EPSS
Exploits0References5
patchstack
patchstack
added 2026/01/19 10:12 p.m.6 views

WordPress weMail plugin <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability

Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability discovered by shark3y in WordPress Plugin weMail versions = 2.0.7...

5.3CVSS5.5AI score0.00268EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder