111 matches found
EUVD-2025-210393
Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...
CVE-2025-71381
Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...
CVE-2025-71381 Hono - Vary Header Injection in CORS Middleware
Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...
CVE-2025-71381 Hono - Vary Header Injection in CORS Middleware
Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...
CVE-2025-71381
Hono up to version 4.10.2 contains a vulnerability in its CORS middleware. If the origin is not set to “*”, the middleware copies the Vary header from the request into the response, allowing an attacker to reflect arbitrary Vary values. This can lead to cache key pollution and inconsistent CORS e...
Exploit for CVE-2026-31431
CVE-2026-31431 Copy Fail Exploit A Linux kernel page cache co...
CVE-2026-2833
CVE-2026-2833 / Pingora HTTP request smuggling via premature Upgrade . Affected product: Pingora proxy in standalone deployments. Vulnerability: HTTP/1.1 upgrade handling allows forwarding the bytes after an Upgrade header to the backend before the backend accepts the upgrade (CWE-444), potential...
FreeBSD : powerdns-recursor -- cache pollution (c4fb21e4-b579-11f0-871c-6805ca2fa271)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c4fb21e4-b579-11f0-871c-6805ca2fa271 advisory. PowerDNS Team reports: It has been brought to our attention that the Recursor does not apply...
PowerDNS Recursor Multiple Cache Pollution Vulnerabilities (2025-06)
PowerDNS Recursor is prone to multiple cache pollution vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
[SECURITY] [DSA 6045-1] pdns-recursor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6045-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 29, 2025 https://www.debian.org/security/faq -...
Debian dsa-6045 : pdns-recursor - security update
The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6045 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6045-1 [email protected] https://www.debian.org/securit...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse versions prior to 3.6.2 and 3.6.0.beta2, which stems from the lack of a default Cache-Contro...
Hono vulnerable to Vary Header Injection leading to potential CORS Bypass
Summary A flaw in the CORS middleware allowed request Vary headers to be reflected into the response, enabling attacker-controlled Vary values and potentially affecting cache behavior. Details The middleware previously copied the Vary header from the request when origin was not set to "". Since...
GHSA-Q7JF-GF43-6X6P Hono vulnerable to Vary Header Injection leading to potential CORS Bypass
Summary A flaw in the CORS middleware allowed request Vary headers to be reflected into the response, enabling attacker-controlled Vary values and potentially affecting cache behavior. Details The middleware previously copied the Vary header from the request when origin was not set to "". Since...
powerdns-recursor -- cache pollution
PowerDNS Team reports: It has been brought to our attention that the Recursor does not apply strict enough validation of received delegation information. The malicious delegation information can be sent by an attacker spoofing packets...
EUVD-2016-9577
Malware in sbrugna...
EUVD-2018-6532
Malware in sbrugna...
EUVD-2019-0733
Malware in sbrugna...
EUVD-2022-1051
Malicious code in bioql PyPI...
curl 安全漏洞
curl is cURL open source a tool for transferring data from or to the server . There is a security vulnerability in curl that can be exploited by attackers that may cause malicious server-induced traffic to be mistaken for real HTTP traffic by proxy servers, thereby polluting their caches...