Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the actions/cache server process. An attacker can inject malicious cache entries and retrieve all existing caches by connecting to the server and predicting cache keys, potentially leading to execution of...

GHSA-X34H-54CW-9825 act: actions/cache server allows malicious cache injection

act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it — including someone anywhere on the internet — to create caches with arbitrary keys and retrieve all existing caches. If one can predict which cache keys will be used by local...

act: actions/cache server allows malicious cache injection

act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it — including someone anywhere on the internet — to create caches with arbitrary keys and retrieve all existing caches. If one can predict which cache keys will be used by local...

PT-2026-28595

Name of the Vulnerable Software and Affected Versions act versions prior to 0.2.86 Description act, a project for running GitHub Actions locally, has an issue where the built-in actions/cache server listens on all interfaces, potentially allowing unauthorized access from the internet. This allows...

Squid 安全漏洞

Squid is a set of open-source proxy servers and web caching servers developed by Squid. This software provides features such as caching the World Wide Web, filtering traffic, and proxy access. Versions of Squid prior to 7.5 contained security vulnerabilities; these vulnerabilities stemmed from th...

BIT-NIFI-2025-66524 Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

CVE-2025-66524

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

GHSA-V4P2-2W39-MHRJ Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

EUVD-2025-204524

Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the GetAsanaObject processor, which uses generic Java object serialization and deserialization without filtering. An attacker can execute arbitrary code by supplying crafted serialized objects to th...

Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

CVE-2025-66524

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

CVE-2025-66524 Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

CVE-2025-66524

The vulnerability concerns Apache NiFi GetAsanaObject Processor (NiFi 1.20.0–2.6.0) which uses unfiltered Java Object serialization/deserialization with a Distribute Map Cache Client Service for state. The root cause is unsafe deserialization of crafted state data stored in the configured cache s...

EUVD-2003-1323

Malware in sbrugna...

EUVD-2007-4410

Malware in sbrugna...

EUVD-2021-2900

Malicious code in bioql PyPI...

CVE-2003-1333

Unspecified vulnerability in the Cache' Server Page CSP implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server...

varnish: HTTP/2 Broken Window Attack may result in denial of service

A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the acti...

USN-6907-1: Squid vulnerability

Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes ESI processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service...