CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error...

PT-2026-25818

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

OESA-2026-1551 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: squid (UTSA-2026-005211)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005211 advisory. Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information...

MiracleLinux 7 : squid-3.5.20-17.0.5.99.0.2.el7.AXS7 (AXSA:2025-11536:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11536:06 advisory. CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure emailerrdata directive now default...

CLSA-2025-1764281284 squid: Fix of CVE-2025-62168

CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure - emailerrdata directive now defaults to 'off' for security previously 'on'...

CLSA-2025-1764151964 squid: Fix of CVE-2025-62168

CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure - emailerrdata directive now defaults to 'off' for security previously 'on'...

ROS-20251112-01

Squid proxy server vulnerability related to data boundary checking errors during encoding processing ASN.1 long SNMP OIDs in asnbuildobjid function in lib/snmplib/asn1.c. Exploitation of the of the vulnerability could allow an attacker to cause a denial of service Vulnerability of emailerrdata...

OESA-2025-2606 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact...

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

Squid < 7.2 Information Disclosure (SQUID-2025:2)

The version of Squid on the remote host is prior to 7.2. It is, therefore, affected by an information disclosure vulnerability: - Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information...

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

Amazon Linux 2 : squid, --advisory ALAS2-2025-3045 (ALAS-2025-3045)

The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3045 advisory. Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error...

Linux Distros Unpatched Vulnerability : CVE-2025-62168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information...

Important: squid

Issue Overview: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. . This potentially allows a remote client to identify security tokens or credentials used internally by a web...

Important: squid

Issue Overview: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. . This potentially allows a remote client to identify security tokens or credentials used internally by a web...

EUVD-2025-34983

The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the moepbradminobserver function hooked ...

CVE-2025-10750 PowerBI Embed Reports <= 1.2.0 - Unauthenticated Sensitive Information Disclosure

The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the moepbradminobserver function hooked ...

CVE-2025-10750

The CVE CVE-2025-10750 concerns the WordPress PowerBI Embed Reports plugin (