1136 matches found
CVE-2026-50052
In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...
WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure
Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...
CVE-2026-50052
In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...
CVE-2026-50052
Affected products/versions: Vinyl Cache < 9.0.1 and Varnish Cache
EUVD-2026-34066
In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...
CVE-2026-50052
In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...
UBUNTU-CVE-2026-50052
In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficien...
[SECURITY] [DSA 6303-1] varnish security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6303-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq -...
FreeBSD : Vinyl/Varnish -- HTTP/2 parsing deficiency (f0f4bb64-52c6-11f1-a1c0-0050569f0b83)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f0f4bb64-52c6-11f1-a1c0-0050569f0b83 advisory. Vinyl Development Team reports: A deficiency in HTTP/2 request parsing can be exploited to launch a...
SUSE CVE-2017-12425
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...
Unity Linux 20.1070e Security Update: varnish (UTSA-2026-017377)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017377 advisory. In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before...
Exploit for Incorrect Behavior Order: Validate Before Canonicalize in Varnish-Software Varnish_Enterprise
way2poccve-2026-34475 CVE-2026-34475 — Nuclei Detection Temp...
Varnish Nuclei Detection Templates
This repository has two-stage Nuclei detection for CVE-2026-34475. It can fingerprint vulnerable Varnish instances, verify cache-key collision behavior, and confirm exploitability via VCL inspection, without triggering the bug...
Linux Distros Unpatched Vulnerability : CVE-2026-40396
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish Cache 9 before 9.0.1 allows a workspace overflow denial of service daemon panic after timeoutlinger. A malicious client could send an HTTP/1 request, wa...
CVE-2026-40396
A flaw was found in Varnish Cache. A malicious client can exploit a 'workspace overflow' vulnerability by sending an HTTP/1 request, waiting for the session to release its worker thread, and then resuming traffic with multiple requests to trigger a pipelining operation. This can lead to a workspa...
CVE-2026-40394
A flaw was found in Varnish Cache and Varnish Enterprise. A remote attacker can trigger a denial of service by sending specific amounts of prefetched data during an HTTP/2 session upgrade. This vulnerability, known as a "workspace overflow," occurs when the system attempts to allocate a buffer,...
CVE-2026-40395
A flaw was found in Varnish Enterprise. A remote attacker can exploit this vulnerability by sending a request with an excessive number of header fields. This can cause a "workspace overflow" within the vmodheaderplus module, leading to a daemon panic and crashing the Varnish Enterprise server. Th...
ROOT-OS-DEBIAN-12-CVE-2023-44487 CVE-2023-44487 in rootio-nginx - Patched by Root
Root has patched CVE-2023-44487 in the rootio-nginx package for Root:Debian:12. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2026-40395
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish Enterprise before 6.0.16r12 allows a workspace overflow denial of service daemon panic for shared VCL. The headerplus.writereq0 function from...
Linux Distros Unpatched Vulnerability : CVE-2026-40394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a workspace overflow denial of service daemon panic for certain amounts of prefetche...