Lucene search
K

660 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/04/30 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-58179

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS5.2AI score0.00773EPSS
In wildExploits1References2
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.4 views

CVE-2026-41248

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

9.1CVSS5.2AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 9:4 p.m.4 views

EUVD-2026-25632

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

9.1CVSS5.3AI score0.00323EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 9:4 p.m.6 views

CVE-2026-41248

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

9.1CVSS5.3AI score0.00323EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichment
added 2026/04/24 9:4 p.m.5 views

CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

9.1CVSS5.2AI score0.00323EPSS
Exploits0References1
CVE
CVE
added 2026/04/24 9:4 p.m.65 views

CVE-2026-41248

The CVE-2026-41248 affects Clerk JavaScript repositories: createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by crafted requests, bypassing middleware gating and reaching downstream handlers. Affected fixes are: @clerk/astro 1.5.7, 2.17.10, 3.0.15; @clerk/nextjs 5....

9.1CVSS5.3AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 6:16 p.m.4 views

CVE-2026-41322

@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all...

5.3CVSS0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 5:16 p.m.6 views

CVE-2026-41067

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

6.1CVSS0.00189EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:8 p.m.7 views

CVE-2026-41322

@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/24 5:8 p.m.7 views

EUVD-2026-25580

@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 4:57 p.m.5 views

CVE-2026-41067

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline ,...

6.1CVSS5.2AI score0.00189EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/24 4:57 p.m.28 views

CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

6.1CVSS0.00189EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/24 4:57 p.m.4 views

EUVD-2026-25573

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

6.1CVSS5.5AI score0.00189EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/24 4:57 p.m.3 views

CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

6.1CVSS5.5AI score0.00189EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 4:57 p.m.15 views

CVE-2026-41067

Summary: CVE-2026-41067 affects Astro’s SSR pipeline, where defineScriptVars sanitizes inline script values using a case-sensitive //g regex. This fails to match closing script tags when payloads use case variants (e.g., ), whitespace before &gt; (), or self-closing forms (), allowing injected HT...

6.1CVSS5.5AI score0.00189EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

Astro 跨站脚本漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 6.1.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of case-sensitive regular expressions in the defineScriptVars function, which cleaned and injected...

6.1CVSS5.8AI score0.00189EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

Astro 安全漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 10.0.5 contained security vulnerabilities; these vulnerabilities stemmed from incorrect status codes returned when processing the if-match header, which could lead to static resource caching erro...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

Astro 代码问题漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 13.1.10 had code vulnerabilities. These vulnerabilities stemmed from the use of default redirection behavior in fetch calls, which could allow Cloudflare Workers to bypass domain whitelist checks...

2.2CVSS5.9AI score0.00199EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/23 2:36 p.m.6 views

@chocolatey-software/astro (=2.7.0), astro-service-worker (=0.0.1) potentially affected by CVE-2026-41322 via @astrojs/node (>=0.1.6 <=10.0.4)

@astrojs/node NPM version =0.1.6, =10.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @astrojs/node and may be impacted: - @chocolatey-software/astro =2.7.0 - astro-service-worker =0.0.1 Source cves: CVE-2026-41322 Source advisory:...

5.3CVSS5.8AI score0.00238EPSS
Exploits0
OSV
OSV
added 2026/04/23 2:36 p.m.5 views

GHSA-C57F-MM3J-27Q9 Astro: Cache Poisoning due to incorrect error handling when if-match header is malformed

Summary Requesting a static JS/CSS resource from the astro path with an incorrect or malformed if-match header returns a 500 error with a one-year cache lifetime instead of 412 in some cases. As a result, all subsequent requests to that file — regardless of the if-match header — will be served a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References3
Rows per page
Query Builder