Vulnerabilities
Vulnerable Software
Security Vulnerabilities
Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of the sanitized forwarded request. As a result, an unauthenticated remote attacker can inject an X-Forwarded-Proto: https header over a plain HTTP connection and cause Traefik to forward X-Forwarded-Port: 443 to the authentication service, bypassing port-based authorization checks. This issue is fixed in versions v2.11.51, v3.6.22, and v3.7.6.
CVSS Score
6.9
EPSS Score
0.003
Published
2026-07-06
Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-07-06
Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.
CVSS Score
7.1
EPSS Score
0.001
Published
2026-07-06
Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization.
CVSS Score
6.6
EPSS Score
0.001
Published
2026-07-06


Contact Us

Shodan ® - All rights reserved