GHSA-3G8H-86W9-WVMQ Next.js's Middleware / Proxy redirects can be cache-poisoned

Impact Next.js uses the x-nextjs-data request header for internal data requests. On affected versions, an external client could send this header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data...

CVE-2025-25235

Server-Side Request Forgery SSRF in Omnissa Secure Email Gateway SEG in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks...

SUSE CVE-2022-2835

A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc...

CVE-2018-0063

A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces IRIs next-hop limit. Once the IRI next-hop database is full, no further next hops can be learned and existin...

Design/Logic Flaw

A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces IRIs next-hop limit. Once the IRI next-hop database is full, no further next hops can be learned and existin...

Arbitrary Code Execution Through The "internal" Routes

Symfony is vulnerable to arbitrary code execution attacks. When the @FrameworkBundle/Resources/config/routing/internal.xml internal routing configuration is used without securing its routes properly, attackers can trigger the vulnerability by using a URI beginning with a /internal substring...