33 matches found
CVE-2026-44649
SillyTavern) vulnerability (CVE-2026-44649) affects SillyTavern before version 1.18.0 where header-based SSO authentication can be bypassed. The root cause is lack of validation that Remote-User (Authelia) and X-Authentik-Username (Authentik) headers originate from a trusted reverse proxy. The lo...
CVE-2026-44649 SillyTavern: Authentication Bypass via SSO Header Injection
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...
SillyTavern 安全漏洞
SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from automatic login using the Remote-User and X-Authentik-Username HTTP headers, without verifying whether...
SillyTavern has Authentication Bypass via SSO Header Injection
Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...
CVE-2026-40910
frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the TokenAuthenticator process. An attacker can determine valid usernames by measuring response time differences when submitting authentication requests with the X-AUTH-USER header. Remediation Upgrade kimai/kimai to...
CVE-2025-14348
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...
CVE-2025-14348
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...
CVE-2025-14348
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...
CVE-2025-14348 weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...
PT-2026-3535
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...
WordPress weMail plugin <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability
Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability discovered by shark3y in WordPress Plugin weMail versions = 2.0.7...
WordPress plugin AA Block Country 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
erxes 安全漏洞
erxes is an open source Hubspot/Qualtrics alternative to erxes open source. Enabling SaaS providers and digital marketing agencies/developers to create unique experiences for their entire business. A security vulnerability exists in versions prior to erxes 1.6.1 that stems from improper access...
CLSA-2025-1744875533 php: Fix of CVE-2025-1736
CVE-2025-1736: add checking of http user header crlf...
SUSE CVE-2014-0482
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors...
CVE-2019-12131
An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USERID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected...
Authentication Bypass
openshift-origin-broker is vulnerable to authentication bypass attacks. The vulnerability exists as the openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attacker...
python: http protocol steam injection attack
It was found that the Python's httplib library used by urllib, urllib2 and others did not properly check HTTPConnection.putheader function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values...
PYSEC-2015-4
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in an HTTP header, as demonstrated by an X-AuthUser header...