Lucene search

142 matches found

GitHub Security Blog
added 2026/05/11 3:54 p.m. | 20 views

Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Impact: App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the same...

CVSS 7.5 | AI score 5.8 | EPSS 0.01048
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/05/11 3:54 p.m. | 2 views

GHSA-267C-6GRR-H53F Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Impact: App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the same...

CVSS 7.5 | AI score 5.8 | EPSS 0.01048
Exploits: 0 | References: 5

SUSE CVE
added 2026/05/06 1:40 a.m. | 3 views

SUSE CVE-2026-44029

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...

CVSS 5.3 | AI score 5.9 | EPSS 0.00522
Exploits: 0 | References: 3

EUVD
added 2026/05/05 3:31 a.m. | 3 views

EUVD-2026-27166

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...

CVSS 5.3 | AI score 5.9 | EPSS 0.00522
Exploits: 0 | References: 4

OSV
added 2026/05/05 1:16 a.m. | 1 views

DEBIAN-CVE-2026-44029

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...

CVSS 5.3 | AI score 5.9 | EPSS 0.00522
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/05 12:51 a.m. | 2 views

CVE-2026-44029

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...

CVSS 5.3 | AI score 5.9 | EPSS 0.00522
Exploits: 0 | References: 3

Debian CVE
added 2026/05/05 12:51 a.m. | 2 views

CVE-2026-44029

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...

CVSS 5.3 | AI score 5.9 | EPSS 0.00522
Exploits: 0

Positive Technologies
added 2026/05/05 12:0 a.m. | 5 views

PT-2026-36941

Name of the Vulnerable Software and Affected Versions: Nix versions 2.24.7 through 2.34.6. Description: A directory traversal issue allows writing to arbitrary files when using the "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" commands. Recommendations: Update to version 2.34.7...

CVSS 5.3 | AI score 5.9 | EPSS 0.00522
Exploits: 0 | References: 6

CNNVD
added 2026/04/12 12:0 a.m. | 3 views

Varnish Cache and Varnish Enterprise security vulnerability

Varnish Cache and Varnish Enterprise are both products from the Varnish company. Varnish Cache is a set of reverse website caching servers. Varnish Enterprise is a high-performance caching software designed for handling high-traffic and optimizing businesses. There were security vulnerabilities i...

CVSS 7.5 | AI score 5.9 | EPSS 0.00236
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-0989

Malware in sbrugna...

CVSS 2.1 | AI score 6.1 | EPSS 0.00352
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-10617

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.00468
Exploits: 0 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-13124

Malware in sbrugna...

CVSS 4.7 | AI score 4.8 | EPSS 0.00317
Exploits: 0 | References: 3

Snyk
added 2025/09/17 8:42 p.m. | 2 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the prefetchParentTask and recursiveDownloadWithDirectMetadata functions, in which the first return value of the functions is dereferenced even when the functions return an error. An attacker can cause the application t...

CVSS 6.9 | AI score 6.6 | EPSS 0.00293
Exploits: 0 | References: 2

Snyk
added 2025/09/17 8:42 p.m. | 1 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the prefetchParentTask and recursiveDownloadWithDirectMetadata functions, in which the first return value of the functions is dereferenced even when the functions return an error. An attacker can cause the application t...

CVSS 6.9 | AI score 6.6 | EPSS 0.00293
Exploits: 0 | References: 2

Snyk
added 2025/09/17 8:42 p.m. | 2 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the prefetchParentTask and recursiveDownloadWithDirectMetadata functions, in which the first return value of the functions is dereferenced even when the functions return an error. An attacker can cause the application t...

CVSS 6.9 | AI score 6.6 | EPSS 0.00293
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2021-26318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space...

CVSS 4.7 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 2

Microsoft CVE
added 2025/09/04 3:19 a.m. | 11 views

A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

...

CVSS 5.5 | AI score 9.3 | EPSS 0.00954
Exploits: 1

Microsoft CVE
added 2025/09/03 10:46 p.m. | 4 views

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.

...

CVSS 5.3 | AI score 9.2 | EPSS 0.00496
Exploits: 0

Microsoft CVE
added 2025/09/03 9:22 p.m. | 4 views

drm/xe/ufence: Prefetch ufence addr to catch bogus address

...

CVSS 7.8 | AI score 7 | EPSS 0.00214
Exploits: 0

Tenable Nessus
added 2025/09/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2010-3813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6...

CVSS 5.8 | AI score 5.7 | EPSS 0.01838
Exploits: 0 | References: 2