4 matches found

Patchstack
added 5 days ago, 3 views

NPM: http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

NPM: http-proxy-middleware router host+path substring matching allows Host-header-driven backend routing bypass vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 0.16.0, 3.0.6...

CVSS 6.9, AI score 5.8
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2026/06/05 7:20 p.m., 10 views

CVE-2026-32148

Insufficient Verification of Data Authenticity vulnerability in hexpm hex Hex.RemoteConverger module allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However,...

CVSS 8.9, AI score 5.5, EPSS 0.00191
Exploits: 1, References: 1

Cvelist
added 2026/04/30 6:17 p.m., 34 views

CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass

Insufficient Verification of Data Authenticity vulnerability in hexpm hex Hex.RemoteConverger module allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However,...

CVSS 8.9, EPSS 0.00191
Exploits: 1, References: 4

CNNVD
added 2026/04/30 12:00 a.m., 8 views

Hex Security Vulnerability

Hex is a package management tool for the Erlang ecosystem developed by Hex Open Source. Versions of Hex from 0.16.0 to 2.4.2 contained security vulnerabilities. These vulnerabilities were due to insufficient verification of data authenticity, which could lead to bypassing dependency integrity...

CVSS 8.9, AI score 5.8, EPSS 0.00191
Exploits: 1, References: 1