PT-2025-39520

Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.0.0 through 3.0.3 Description A change in Apache Airflow 3 introduced a "write-only" model for sensitive connection information, intended to restrict access to Connection Editing Users. However, in version 3.0.3, this...

SUSE CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

@amazeelabs/publisher (>=2.4.28 <=3.2.6), @angular-devkit/build-angular (>=18.0.0 <=20.0.0-next.5) +83 more potentially affected by CVE-2025-32997 via http-proxy-middleware (>=3.0.0 <=3.0.3)

http-proxy-middleware NPM version =3.0.0, =2.4.28, =18.0.0, =1.0.0, =18.0.0-next.39, =18.0.0-next.39, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =2.1.0-next.0, =8.10.0, =9.0.0, =9.0.0, =9.0.0, =3.11.0-beta.6, =3.26.12-beta.0 and more Source cves: CVE-2025-32997 Source advisory:...

http-proxy-middleware 安全漏洞

http-proxy-middleware is Node.js http proxy middleware for connect, express, next.js, and more. A security vulnerability exists in http-proxy-middleware versions prior to 2.0.7 and versions 3.0.0 through 3.0.3. An attacker exploiting this vulnerability could cause a system crash...

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

CVE-2018-1496

IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...