174 matches found

RedHat Linux
added 3 days ago | 7 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

CVSS 5.3 | AI score 5.8 | EPSS 0.00581
Exploits: 0 | References: 5
RedHat Linux
added 2026/05/27 9:13 p.m. | 24 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

CVSS 5.3 | AI score 5.8 | EPSS 0.00581
Exploits: 0 | References: 5
AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in squid

Squid is a caching proxy for the web that supports HTTP, HTTPS, FTP, and other protocols. Due to an out-of-bounds write vulnerability when assigning ESI variables, Squid is susceptible to a memory corruption error. This error can lead to a denial-of-service attack...

CVSS 6.3 | AI score 6.6 | EPSS 0.01302
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/11 4:12 p.m. | 5 views

Next.js's Middleware / Proxy redirects can be cache-poisoned

Impact: Next.js uses the x-nextjs-data request header for internal data requests. On affected versions, an external client could send this header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data...

CVSS 5.9 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 5 | Affected Software: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in flask

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...

CVSS 7.5 | AI score 7 | EPSS 0.00221
Exploits: 1 | References: 2
Fedora
added 2026/04/12 3:53 p.m. | 3 views

[SECURITY] Fedora 42 Update: trafficserver-10.1.2-1.fc42

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

CVSS 7.5 | AI score 5.8 | EPSS 0.00406
Exploits: 0
RedhatCVE
added 2026/02/23 11:26 a.m. | 2 views

CVE-2026-27205

A flaw was found in Flask, a Web Server Gateway Interface (WSGI) web application framework. When a Flask application accesses the session object using certain methods, it may fail to set the Vary: Cookie header. This oversight can cause sensitive, user-specific information to be improperly cached b...

CVSS 4.3 | AI score 5.2 | EPSS 0.00014
Exploits: 0 | References: 6
NVD
added 2026/02/21 6:17 a.m. | 4 views

CVE-2026-27205

Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

CVSS 4.3 | EPSS 0.00014
Exploits: 0 | References: 3
UbuntuCve
added 2026/02/21 6:17 a.m. | 2 views

CVE-2026-27205

Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

CVSS 4.3 | AI score 6.5 | EPSS 0.00014
Exploits: 0 | References: 4
Debian CVE
added 2025/10/17 4:21 p.m. | 3 views

CVE-2025-62168

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVSS 10 | AI score 8.4 | EPSS 0.16244
Exploits: 1
RedhatCVE
added 2025/10/13 6:20 a.m. | 3 views

CVE-2025-61925

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS 6.5 | AI score 7 | EPSS 0.00057
Exploits: 1 | References: 1
EUVD
added 2025/10/10 11:41 p.m. | 1 views

EUVD-2025-33766

Astro's X-Forwarded-Host is reflected without validation...

CVSS 6.5 | AI score 6.4 | EPSS 0.00057
Exploits: 1 | References: 4
NVD
added 2025/10/10 8:15 p.m. | 1 views

CVE-2025-61925

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS 6.5 | EPSS 0.00057
Exploits: 1 | References: 2
Vulnrichment
added 2025/10/10 7:34 p.m. | 2 views

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS 6.5 | AI score 6.6 | EPSS 0.00057
Exploits: 1 | References: 2
CVE
added 2025/10/10 7:34 p.m. | 9 views

CVE-2025-61925

CVE-2025-61925 affects Astro (on-demand rendering) where headers x-forwarded-proto and x-forwarded-port are used unsafely to build URLs, enabling URL manipulation that can bypass middleware protections and potentially cause SSRF, cache-poisoning, or URL-based attacks. The issue is discussed acros...

CVSS 6.5 | AI score 6.6 | EPSS 0.00057
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2025/10/10 7:34 p.m. | 1 views

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS 6.5 | AI score 7 | EPSS 0.00057
Exploits: 1 | References: 4
Cvelist
added 2025/10/10 7:34 p.m. | 5 views

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS 6.5 | EPSS 0.00057
Exploits: 1 | References: 2
Positive Technologies
added 2025/10/10 12:00 a.m. | 2 views

PT-2025-41598

Name of the Vulnerable Software and Affected Versions: Astro versions prior to 5.14.2. Description: Astro, a web framework, does not validate the X-Forwarded-Host header when using Astro.url, leading to potential manipulation of output values. A malicious request with a differing Host and...

CVSS 6.5 | AI score 6.4 | EPSS 0.00057
Exploits: 1 | References: 16
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-1153

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.04265
Exploits: 1 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-0727

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00283
Exploits: 0 | References: 6