Lucene search

17 matches found

Circl · added 2026/05/10 2:48 p.m.

CVE-2022-50954

creationtimestamp | type | source
---|---|---
2026-05-10 14:48:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mliywj5zzg2i...

CVSS 6.9 · AI score 5.8 · EPSS 0.00026 · Exploits 0 · References 1
RedhatCVE · added 2026/02/27 4:13 a.m.

CVE-2026-27829

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...

CVSS 7.2 · AI score 5.7 · EPSS 0.00076 · Exploits 1 · References 1
OSV · added 2026/02/26 12:36 a.m.

CVE-2026-27829 Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...

CVSS 6.5 · AI score 5.9 · EPSS 0.00076 · Exploits 1 · References 4
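The two CVE-2026-27829 entries above describe the bug class without showing the missing check. The block below is an added example written for this listing, not Astro's own code: it gates a user-supplied remote image URL behind an allowlist before any fetch, and contrasts a size-inference path that skips the gate with one that shares it. The option names `image.domains` and `image.remotePatterns` (with `protocol`, `hostname`, `port`, `pathname`) are the ones the advisory names; the wildcard semantics, the `inferSize*` function names and the sample config are this example's assumptions.

```javascript
// Added example, not Astro's code: every server-side fetch of a
// user-supplied remote image URL must pass the configured allowlist.
// Wildcard rules here are this example's own assumption:
//   hostname '*.x'  -> exactly one extra label,  '**.x' -> any number
//   pathname '/d/*' -> one extra path segment,   '/d/**' -> any depth

// Exact-host comparison defeats 'cdn.example.com.evil.test' style suffix tricks.
function matchHost(pattern, host) {
  if (pattern.startsWith('**.')) {
    const base = pattern.slice(3);
    return host === base || host.endsWith('.' + base);
  }
  if (pattern.startsWith('*.')) {
    const base = pattern.slice(2);
    if (!host.endsWith('.' + base)) return false;
    const extra = host.slice(0, host.length - base.length - 1);
    return extra.length > 0 && !extra.includes('.');
  }
  return host === pattern;
}

function matchPath(pattern, path) {
  if (pattern.endsWith('/**')) return path.startsWith(pattern.slice(0, -2));
  if (pattern.endsWith('/*')) {
    const base = pattern.slice(0, -1);
    if (!path.startsWith(base)) return false;
    const rest = path.slice(base.length);
    return rest.length > 0 && !rest.includes('/');
  }
  return path === pattern;
}

function matchPattern(pattern, url) {
  if (pattern.protocol && pattern.protocol + ':' !== url.protocol) return false;
  if (pattern.port !== undefined && String(pattern.port) !== url.port) return false;
  if (pattern.hostname && !matchHost(pattern.hostname, url.hostname)) return false;
  if (pattern.pathname && !matchPath(pattern.pathname, url.pathname)) return false;
  return true;
}

// Parse with URL so 'https://cdn.example.com@evil.test/x' is seen as host
// evil.test, and reject non-HTTP schemes so file:/data: never reach a fetch.
function isAllowedRemoteImage(src, imageConfig = {}) {
  let url;
  try {
    url = new URL(src);
  } catch {
    return false;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  const { domains = [], remotePatterns = [] } = imageConfig;
  if (domains.includes(url.hostname)) return true;
  return remotePatterns.some((p) => matchPattern(p, url));
}

// The bug class: a secondary path (size inference) reaches the network
// without consulting the allowlist, so any host the attacker names is hit.
function inferSizeUnchecked(src, fetchImpl) {
  return fetchImpl(src);
}

// Hardened: every path that turns user input into a request shares the gate.
function inferSizeChecked(src, imageConfig, fetchImpl) {
  if (!isAllowedRemoteImage(src, imageConfig)) {
    throw new Error(`remote image not in allowlist: ${src}`);
  }
  return fetchImpl(src);
}

// Offline stand-in for fetch: records which URLs would have been contacted.
function recordingFetch() {
  const calls = [];
  const fetchImpl = (u) => {
    calls.push(u);
    return { ok: true, url: u };
  };
  return { calls, fetchImpl };
}

// Constructed sample config (assumed values, not from the advisory).
const sampleImageConfig = {
  domains: ['cdn.example.com'],
  remotePatterns: [
    { protocol: 'https', hostname: '**.images.example.net', pathname: '/public/**' },
  ],
};
```

The point to carry over to any framework: the allowlist is only as good as the number of code paths that consult it, so put the check in the one place that constructs the outbound request rather than in each caller.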
OSV · added 2026/02/24 12:46 a.m.

CVE-2026-27729 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...

CVSS 5.9 · AI score 5.8 · EPSS 0.00164 · Exploits 1 · References 6
EUVD · added 2026/02/24 12:37 a.m.

EUVD-2026-7455

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

CVSS 6.9 · AI score 5.5 · EPSS 0.05142 · Exploits 1 · References 3
OSV · added 2026/02/24 12:37 a.m.

CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

CVSS 6.9 · AI score 5.5 · EPSS 0.05142 · Exploits 1 · References 5
Vulnrichment · added 2026/02/24 12:37 a.m.

CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

CVSS 6.9 · AI score 5.5 · EPSS 0.05142 · Exploits 1 · References 3
CNNVD · added 2026/02/24 12:00 a.m.

Astro code issue vulnerability

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 9.5.4 contain a code vulnerability. It stems from the error handling of server-side rendered pages, which allows server-side request forgery, potentially allowing attackers t...

CVSS 8.6 · AI score 5.9 · EPSS 0.05142 · Exploits 1 · References 3
Tenable Nessus · added 2025/09/03 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2021-21325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI befor...

CVSS 6.2 · AI score 5.8 · EPSS 0.00508 · Exploits 0 · References 2
CNNVD · added 2021/05/26 12:00 a.m.

GLPI cross-site scripting vulnerability

GLPI is a free asset and IT management software package that provides ITIL service desk functionality, license tracking and software auditing. A cross-site scripting vulnerability exists in GLPI version 9.5.4. The vulnerability stems from unvalidated metadata in GLPI. An attacker can exploit the...

CVSS 6.1 · AI score 5.5 · EPSS 0.00705 · Exploits 1 · References 3
OSV · added 2021/03/08 5:15 p.m.

UBUNTU-CVE-2021-21327

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to...

CVSS 7.5 · AI score 7.1 · EPSS 0.003 · Exploits 4 · References 5
Positive Technologies · added 2021/03/03 12:00 a.m.

PT-2021-14411 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue concerns a vulnerability in the "/ajax/common.tabs.php" endpoint, where at least two parameters, target and id, are not properly sanitized. This can be exploited using specific payloads,...

CVSS 10 · AI score 6.5 · EPSS 0.94395 · Exploits 32 · References 128
CNNVD · added 2021/03/03 12:00 a.m.

GLPI cross-site scripting vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

CVSS 5.4 · AI score 5.2 · EPSS 0.00235 · Exploits 0 · References 3
OSV · added 2021/03/02 8:15 p.m.

UBUNTU-CVE-2021-21258

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed...

CVSS 6.8 · AI score 6.7 · EPSS 0.00206 · Exploits 0 · References 4
Positive Technologies · added 2021/03/02 12:00 a.m.

PT-2021-14365 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI version 9.5.3 Description: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI, it was possible to switch entities with IDOR from a...

CVSS 10 · AI score 6.3 · EPSS 0.94395 · Exploits 32 · References 127
OSV · added 2020/10/08 7:28 p.m.

GHSA-X56P-C8CG-Q435 Open Redirect in Next.js versions

Impact
- Affected: Users of Next.js between 9.5.0 and 9.5.3
- Not affected: Deployments on Vercel (https://vercel.com)
- Not affected: Deployments using `next export`
We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. Patches...

CVSS 4.7 · AI score 6.4 · EPSS 0.00211 · Exploits 0 · References 4
CNVD · added 2017/11/13 12:00 a.m.

IBM BigFix Platform Information Disclosure Vulnerability (CNVD-2017-33742)

IBM BigFix Platform is IBM's integrated, content-driven endpoint management platform spanning multiple technologies. An information disclosure vulnerability exists in IBM BigFix Platform versions 9.5.4 and earlier and 9.2.9 and earlier; it stems from the program's failure to...

CVSS 9.8 · AI score 6.3 · EPSS 0.00261 · Exploits 0 · References 1