CVE-2026-45028 Astro: Server island encrypted parameters vulnerable to cross-component replay

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...

CVE-2026-45028 Astro: Server island encrypted parameters vulnerable to cross-component replay

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...

CVE-2026-45028

Astro prior to 6.1.10 used AES-GCM to protect server island props and slots but did not bind ciphertext to the target component/type, enabling replay of an encrypted props value as a slots value (and vice versa). This could cause XSS when overlapping prop/slot keys occur in dynamically rendered p...

NPM: Astro: Server island encrypted parameters vulnerable to cross-component replay

NPM: Astro: Server island encrypted parameters vulnerable to cross-component replay vulnerability discovered by ? in WordPress Npm astro versions 6.1.10...

EUVD-2026-30054

Astro: Server island encrypted parameters vulnerable to cross-component replay...

GHSA-XR5H-PHRJ-8VXV Astro: Server island encrypted parameters vulnerable to cross-component replay

Impact Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted props p value as...

Astro: Server island encrypted parameters vulnerable to cross-component replay

Impact Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted props p value as...

RockyLinux 10 : thunderbird (RLSA-2025:21843)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21843 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox:...