Imlonghao

#9052of 53,633
30.2Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2026-7893
8.6
2026-02-12
Traefik · Traefik · CVE-2026-25748
**Name of the Vulnerable Software and Affected Versions** authentik versions prior to 2025.10.4 authentik versions prior to 2025.12.4 **Description** authentik is an open-source identity provider. A malformed cookie could bypass authentication when using forward authentication with the authentik Proxy Provider in conjunction with Traefik or Caddy as a reverse proxy. The absence of authentik-specific X-Authentik-* headers with a malicious cookie could grant access to an attacker, depending on the application. **Recommendations** Update to authentik version 2025.10.4 or later. Update to authentik version 2025.12.4 or later.
PT-2025-33680
8.6
2025-08-12
Komari · Komari · CVE-2025-55300
Name of the Vulnerable Software and Affected Versions: Komari versions prior to 1.0.4-fix1 Description: Komari is a server monitoring tool. A Cross-Site WebSocket Hijacking (CSWSH) issue exists in the WebSocket upgrader due to disabled origin checking, potentially allowing remote code execution against authenticated users. An attacker can send requests to the terminal websocket endpoint with the victim's browser cookies. Recommendations: Update to version 1.0.4-fix1 or later.
PT-2023-19952
6.5
2023-02-08
Discourse · Discourse · CVE-2023-25167
**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to the latest stable, beta and tests-passed versions **Description** Discourse is an open source discussion platform. A malicious user can cause a regular expression denial of service using a carefully crafted git URL. **Recommendations** For all affected versions, users are advised to upgrade to the latest stable, beta, or tests-passed version of Discourse. As a temporary workaround, consider restricting the use of git URLs in Discourse until a patch is available.
PT-2023-12730
6.5
2023-01-05
Discourse · Discourse · CVE-2022-23548
**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2.8.14 on the `stable` branch Discourse versions prior to 2.9.0.beta16 on the `beta` and `tests-passed` branches **Description** The issue affects the parsing of posts in Discourse, making it susceptible to regular expression denial of service (ReDoS) attacks. This allows for potential disruption of service. There are no known workarounds for this issue. **Recommendations** For Discourse versions prior to 2.8.14 on the `stable` branch, update to version 2.8.14 to resolve the issue. For Discourse versions prior to 2.9.0.beta16 on the `beta` and `tests-passed` branches, update to version 2.9.0.beta16 to resolve the issue.