126 matches found
Astro Cloudflare Adapter - Server Side Request Forgery
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
CVE-2026-49136
Banana Slides (v0.4.0) contains a path traversal in ai service backend’s generate_image() that lets unauthenticated attackers read arbitrary image files outside the uploads directory. Root cause: incomplete path prefix check via os.path.startswith(), without a trailing separator, allowing crafted...
PT-2026-45559
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate image function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplet...
VulnCheck KEV: CVE-2025-58179
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
PT-2026-34823
Summary The fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts line 28 uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed domain allowlist chec...
EUVD-2015-0036
Malware in sbrugna...
EUVD-2000-0838
Malware in sbrugna...
EUVD-2013-1565
Malware in sbrugna...
Server-side Request Forgery
astrojs/cloudflare is vulnerable to Server-side Request Forgery. The vulnerability is due to insufficient URL validation in the generated image optimization endpoint when the adapter is used with output: 'server' and the default imageService: 'compile', an attacker can exploit this to have the...
EUVD-2022-4293
Malicious code in bioql PyPI...
EUVD-2022-4907
Malicious code in bioql PyPI...
EUVD-2022-4019
Malicious code in bioql PyPI...
EUVD-2025-26878
Malicious code in bioql PyPI...
CVE-2025-58179
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
CVE-2025-58179
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
PT-2025-36102
Name of the Vulnerable Software and Affected Versions Astro versions 11.0.3 through 12.6.5 Description Astro, a web framework for content-driven websites, is susceptible to a Server-Side Request Forgery SSRF issue when utilizing the Cloudflare adapter. When configured with output: 'server' and th...
Capture, Replicate, Deploy: Image Service Upgrades Now Available
...
RHEL 7 : openstack-cinder, openstack-glance, and openstack-nova update (Moderate) (RHSA-2016:2991)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2991 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...