175 matches found

RedHat Linux
added 2026/06/01 2:43 a.m., 22 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

CVSS 5.3, AI score 5.8, EPSS 0.00514
Exploits 0, References 5

RedHat Linux
added 2026/05/27 9:13 p.m., 38 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

CVSS 5.3, AI score 5.8, EPSS 0.00514
Exploits 0, References 5

AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux – Vulnerability in Flask

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...

CVSS 7.5, AI score 7.1, EPSS 0.01261
Exploits 1, References 2

Github Security Blog
added 2026/05/11 4:12 p.m., 13 views

Next.js's Middleware / Proxy redirects can be cache-poisoned

Impact Next.js uses the x-nextjs-data request header for internal data requests. On affected versions, an external client could send this header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data...

CVSS 5.9, AI score 5.8, EPSS 0.00195
Exploits 0, References 5, Affected Software 1

Fedora
added 2026/04/12 3:53 p.m., 4 views

[SECURITY] Fedora 42 Update: trafficserver-10.1.2-1.fc42

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

CVSS 7.5, AI score 5.8, EPSS 0.00673
Exploits 0

RedhatCVE
added 2026/02/23 11:26 a.m., 5 views

CVE-2026-27205

A flaw was found in Flask, a Web Server Gateway Interface (WSGI) web application framework. When a Flask application accesses the session object using certain methods, it may fail to set the Vary: Cookie header. This oversight can cause sensitive, user-specific information to be improperly cached b...

CVSS 4.3, AI score 5.2, EPSS 0.00374
Exploits 0, References 6

UbuntuCve
added 2026/02/21 6:17 a.m., 5 views

CVE-2026-27205

Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

CVSS 4.3, AI score 6.5, EPSS 0.00374
Exploits 0, References 4

NVD
added 2026/02/21 6:17 a.m., 7 views

CVE-2026-27205

Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

CVSS 4.3, EPSS 0.00374
Exploits 0, References 3

Debian CVE
added 2025/10/17 4:21 p.m., 4 views

CVE-2025-62168

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVSS 10, AI score 8.4, EPSS 0.6332
Exploits 1

RedhatCVE
added 2025/10/13 6:20 a.m., 6 views

CVE-2025-61925

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...

CVSS 6.5, AI score 7, EPSS 0.00386
Exploits 1, References 1

EUVD
added 2025/10/10 11:41 p.m., 3 views

EUVD-2025-33766

Astro's X-Forwarded-Host is reflected without validation...

CVSS 6.5, AI score 6.4, EPSS 0.00386
Exploits 1, References 4

NVD
added 2025/10/10 8:15 p.m., 4 views

CVE-2025-61925

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...

CVSS 6.5, EPSS 0.00386
Exploits 1, References 2

Vulnrichment
added 2025/10/10 7:34 p.m., 4 views

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...

CVSS 6.5, AI score 6.6, EPSS 0.00386
Exploits 1, References 2

CVE
added 2025/10/10 7:34 p.m., 18 views

CVE-2025-61925

CVE-2025-61925 affects Astro (on-demand rendering) where headers x-forwarded-proto and x-forwarded-port are used unsafely to build URLs, enabling URL manipulation that can bypass middleware protections and potentially cause SSRF, cache-poisoning, or URL-based attacks. The issue is discussed acros...

CVSS 6.5, AI score 6.6, EPSS 0.00386
Exploits 1, References 2, Affected Software 1

Cvelist
added 2025/10/10 7:34 p.m., 7 views

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...

CVSS 6.5, EPSS 0.00386
Exploits 1, References 2

OSV
added 2025/10/10 7:34 p.m., 4 views

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...

CVSS 6.5, AI score 7, EPSS 0.00386
Exploits 1, References 4

Positive Technologies
added 2025/10/10 12:0 a.m., 5 views

PT-2025-41598

Name of the Vulnerable Software and Affected Versions Astro versions prior to 5.14.2 Description Astro, a web framework, does not validate the X-Forwarded-Host header when using Astro.url, leading to potential manipulation of output values. A malicious request with a differing Host and...

CVSS 6.5, AI score 6.4, EPSS 0.00386
Exploits 1, References 16

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2002-1153

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.07124
Exploits 1, References 6

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-0727

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.01659
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2015-5021

Malware in sbrugna...

CVSS 4, AI score 5.6, EPSS 0.01103
Exploits 0, References 4