Lucene search

186 matches found

RedhatCVE
added 2026/06/01 4:3 p.m. | 9 views

CVE-2026-10153

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVSS 5.3 | AI score 4.4 | EPSS 0.00422
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/30 9:0 p.m. | 6 views

CVE-2026-10153

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVSS 5.3 | AI score 4.4 | EPSS 0.00422
Exploits: 0 | References: 5

CNNVD
added 2026/05/30 12:0 a.m. | 7 views

CicadasCMS Code Injection Vulnerability

CicadasCMS is a content management framework developed by the Chinese individual developer westboy, based on SpringBoot, Mybatis, SpringSecurity, and Vue. CicadasCMS has a code injection vulnerability. This vulnerability stems from the Search method in the...

CVSS 5.3 | AI score 5.7 | EPSS 0.00422
Exploits: 0 | References: 6

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability in Squid

A vulnerability was discovered in Squid before versions 4.15 and 5.x before version 5.0.6. Due to incorrect parser validation, this vulnerability allows for a Denial of Service attack against the Cache Manager API. This enables a trusted client to trigger memory leaks, which over time can lead to...

CVSS 4.9 | AI score 6.5 | EPSS 0.04341
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux – Vulnerability in Squid

Squid is a caching proxy for the Web. Due to a bug related to expired pointer references, Squid versions prior to 6.6 were vulnerable to a Denial of Service attack targeting error responses from the Cache Manager. This vulnerability allowed a trusted client to cause a Denial of Service attack by...

CVSS 6.5 | AI score 6.5 | EPSS 0.6005
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux – Vulnerability in Squid

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, sensitive information about clients using the proxy may be exposed through an HTTPS request to an internal cache manager URL. This issue has been fixed in version 5.7...

CVSS 6.5 | AI score 6.5 | EPSS 0.0169
Exploits: 0 | References: 2

OSV
added 2026/04/30 8:56 a.m. | 5 views

CLSA-2026-1777539404 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERR_SECURE_CONNECT_FAIL page - CVE-2018-19132: fix memory...

CVSS 9.8 | AI score 6.7 | EPSS 0.74477
Exploits: 2 | References: 1

OSV
added 2026/04/24 6:16 p.m. | 4 views

CLSA-2026-1777054556 squid: Fix of 2 CVEs

CVE-2022-41317: fix exposure of sensitive cache manager information via non-HTTP URI schemes due to typo in default manager ACL regex - CVE-2023-49288: fix use-after-free in StoreEntry::startWriting reachable via oversized replies with collapsed_forwarding enabled...

CVSS 8.6 | AI score 6.9 | EPSS 0.04777
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : squid:4 (AXSA:2021-2820:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2820:01 advisory. squid: denial of service in URN processing CVE-2021-28651 squid: denial of service issue in Cache Manager CVE-2021-28652 squid: denial of service in...

CVSS 7.5 | AI score 5.7 | EPSS 0.95785
Exploits: 5 | References: 8

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 9 : squid-5.5-13.el9_4 (AXSA:2024-8595:05)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8595:05 advisory. squid: vulnerable to a Denial of Service attack against Cache Manager error responses CVE-2024-23638 squid: Out-of-bounds write error may lead to...

CVSS 6.5 | AI score 5.6 | EPSS 0.6005
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 8 : squid:4 (AXSA:2021-1405:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1405:01 advisory. squid: Improper input validation in request allows for proxy manipulation CVE-2019-12520 squid: Off-by-one error in addStackElement allows for heap...

CVSS 9.9 | AI score 6.6 | EPSS 0.7179
Exploits: 0 | References: 19

RedhatCVE
added 2025/12/12 7:16 a.m. | 3 views

CVE-2025-67738

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...

CVSS 8.5 | AI score 6.9 | EPSS 0.00306
Exploits: 0 | References: 1

NVD
added 2025/12/11 7:16 a.m. | 5 views

CVE-2025-67738

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...

CVSS 8.5 | EPSS 0.00306
Exploits: 0 | References: 3

OSV
added 2025/12/11 7:16 a.m. | 5 views

CVE-2025-67738

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...

CVSS 8.5 | AI score 6.8 | EPSS 0.00306
Exploits: 0 | References: 3

Cvelist
added 2025/12/11 6:34 a.m. | 27 views

CVE-2025-67738

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...

CVSS 8.5 | EPSS 0.00306
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/11 6:34 a.m. | 4 views

CVE-2025-67738

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...

CVSS 8.5 | AI score 6.5 | EPSS 0.00306
Exploits: 0 | References: 3

EUVD
added 2025/12/11 6:34 a.m. | 4 views

EUVD-2025-202665

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...

CVSS 8.5 | AI score 6.4 | EPSS 0.00306
Exploits: 0 | References: 3

CVE
added 2025/12/11 6:34 a.m. | 28 views

CVE-2025-67738

CVE-2025-67738 affects Webmin prior to 2.600. The issue resides in squid/cachemgr.cgi where arguments are not properly quoted, applicable when Webmin’s Squid module and its Cache Manager feature are enabled and an untrusted, authenticated user holds certain Cache Manager permissions (the cms opti...

CVSS 8.5 | AI score 6.5 | EPSS 0.00306
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/11 12:0 a.m. | 4 views

PT-2025-50582

Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.600 Description The application does not properly handle arguments within the cachemgr.cgi script when the Squid module and its Cache Manager feature are enabled. This issue arises if an unauthorized user gains acces...

CVSS 8.5 | AI score 6.5 | EPSS 0.00306
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-4119

Malware in sbrugna...

CVSS 9.8 | AI score 6.5 | EPSS 0.04151
Exploits: 0 | References: 10