CVE-2026-47825

The CVE affects Spring Cloud Gateway Server components (WebMVC and WebFlux gateways) where headers from untrusted proxies (X-Forwarded-For, Forwarded) are forwarded in certain configurations. Root cause: forwarded-header handling without a trusted-proxy basis allows forged headers to reach downst...

CVE-2026-48998

A flaw was found in guzzlehttp/psr7, a PHP library for HTTP messages. A remote attacker could exploit improper validation of the Host header. By providing a specially crafted Host header, an attacker could cause the system to misinterpret the intended destination. This could lead to requests or...

CVE-2025-12101

Cross-Site Scripting XSS in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy OR AAA virtual server...

CVE-2025-7775

CVE-2025-7775 is a memory overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway. The CVE affects deployments where the appliance is configured as a Gateway (VPN VServer, ICA Proxy, CVPN, RDP Proxy) or AAA VServer, and also affects LB virtual servers of type HTTP, SSL, or HTTP_QUIC ...

PT-2024-8973 · Citrix · Citrix Netscaler Application Delivery Controller +1

Name of the Vulnerable Software and Affected Versions: Citrix NetScaler Application Delivery Controller ADC and Citrix NetScaler Gateway affected versions not specified Description: The issue is related to a memory safety vulnerability that can lead to memory corruption and Denial of Service in...