Lucene search
K

31 matches found

OSV
OSV
added 2026/07/06 6:28 a.m.6 views

OESA-2026-2851 rubygem-yard security update

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 9:13 p.m.7 views

Directory Traversal

Overview yard is a documentation generation tool for the Ruby programming language. Affected versions of this package are vulnerable to Directory Traversal via the static cache lookup feature when a server is configured with a document root. An attacker can access files outside the intended...

6.9CVSS6.5AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 8:16 p.m.11 views

DEBIAN-CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51019

Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.44 Description YARD is a documentation generation tool for the Ruby programming language. The static cache lookup reads a request path before the router's path cleanup process occurs. When a server is configured with...

5.3CVSS5.7AI score0.00273EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/04/21 3:21 p.m.11 views

Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/21 3:21 p.m.7 views

GHSA-XQ8M-7C5P-C2R6 Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References5
CVE
CVE
added 2026/04/17 8:54 p.m.19 views

CVE-2026-40155

The CVE concerns the Auth0 Next.js SDK. Affected versions: 4.12.0–4.17.1. Issue: when multiple simultaneous requests trigger a nonce retry, the proxy cache fetcher may perform improper lookups for token request results. Impact: affects projects using both the vulnerable SDK versions and the proxy...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/08/28 1:20 a.m.11 views

Incorrect Input Validation

Apache Traffic Server is vulnerable to Incorrect Input Validation. The vulnerability is caused due to Invalid Accept-Encoding header. This can lead to fail cache lookup and force forwarding requests...

8.2CVSS6.6AI score0.01085EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/08/16 11:8 a.m.5 views

OESA-2024-1981 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from...

8.2CVSS7AI score0.01085EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/07/29 6:30 a.m.29 views

CVE-2024-35296

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

6.9AI score0.01085EPSS
Exploits0References4
OSV
OSV
added 2024/07/26 10:15 a.m.2 views

DEBIAN-CVE-2024-35296

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

8.2CVSS5.2AI score0.01085EPSS
Exploits0References1
NVD
NVD
added 2024/07/26 10:15 a.m.30 views

CVE-2024-35296

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

8.2CVSS0.01085EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/07/26 10:15 a.m.28 views

CVE-2024-35296

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

8.2CVSS5.8AI score0.01085EPSS
Exploits0References3
OSV
OSV
added 2024/07/26 10:15 a.m.16 views

UBUNTU-CVE-2024-35296

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

8.2CVSS5.8AI score0.01085EPSS
Exploits0References4
CVE
CVE
added 2024/07/26 9:11 a.m.80 views

CVE-2024-35296

Apache Traffic Server (versions 8.0.0–8.1.10 and 9.0.0–9.2.4) is affected by CVE-2024-35296 due to incorrect handling of the Accept-Encoding header, which can cause cache lookups to fail and lead to forwarding requests. The issue is resolved by upgrading to 8.1.11 or 9.2.5. Certified advisories f...

8.2CVSS6.6AI score0.01085EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/26 9:11 a.m.26 views

CVE-2024-35296 Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

7.2AI score0.01085EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/26 9:11 a.m.35 views

CVE-2024-35296 Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

0.01085EPSS
Exploits0References1
OSV
OSV
added 2024/07/26 9:11 a.m.21 views

CVE-2024-35296 Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

8.2CVSS6.6AI score0.01085EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.5 views

PT-2024-5532 · Apache · Apache Traffic Server

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 8.1.10 Apache Traffic Server versions 9.0.0 through 9.2.4 Description: The issue is related to insufficient input validation, allowing a remote attacker to execute arbitrary requests using the HTTP...

9.1CVSS7.8AI score0.01085EPSS
Exploits0References26
UbuntuCve
UbuntuCve
added 2022/09/26 12:0 a.m.49 views

CVE-2022-3204

A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for...

7.5CVSS6.9AI score0.01293EPSS
Exploits0References3
Rows per page
Query Builder