16 matches found

OSV
added 2026/03/20 4:43 a.m., 0 views

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

CVSS 7.5, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 5

Vulnrichment
added 2026/03/20 4:43 a.m., 1 view

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

CVSS 7.5, AI score 5.7, EPSS 0.00056
Exploits: 0, References: 3

RedhatCVE
added 2026/02/10 7:23 p.m., 1 view

CVE-2026-25480

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...

CVSS 6.5, AI score 5.6, EPSS 0.00021
Exploits: 1, References: 1

CVE
added 2026/02/09 6:49 p.m., 6 views

CVE-2026-25480

Litestar prior to 2.20.0 uses FileStore cache keys derived from Unicode NFKD normalization and ord() substitution without separators, enabling cache key collisions when used as a response-cache backend. An unauthenticated remote attacker can craft paths to trigger collisions, causing one URL to s...

CVSS 6.5, AI score 5.6, EPSS 0.00021
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2026/02/09 6:49 p.m., 25 views

CVE-2026-25480 FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...

CVSS 6.5, EPSS 0.00021
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2000-0248

Malware in sbrugna...

CVSS 7.2, AI score 6.4, EPSS 0.00064
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-0179

Malicious code in bioql PyPI...

CVSS 7.8, AI score 6.3, EPSS 0.0013
Exploits: 0, References: 6

NVD
added 2025/01/29 9:15 p.m., 4 views

CVE-2025-24794

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

CVSS 7.8, EPSS 0.0013
Exploits: 0, References: 2

CVE
added 2025/01/29 8:25 p.m., 271 views

CVE-2025-24794

Technical details such as affected products, versions, root cause, impact and fixes for CVE-2025-24794 are not provided in the connected documents. Please monitor for updates from relevant advisories to obtain concrete vulnerability data and remediation guidance.

CVSS 7.8, AI score 6.4, EPSS 0.0013
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/01/29 8:25 p.m., 12 views

CVE-2025-24794 The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

CVSS 6.7, EPSS 0.0013
Exploits: 0, References: 2

Vulnrichment
added 2025/01/29 8:25 p.m., 7 views

CVE-2025-24794 The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

CVSS 6.7, AI score 6.4, EPSS 0.0013
Exploits: 0, References: 2

Spring Engineering
added 2023/01/18 12:00 a.m., 128 views

Interesting new filters on Spring Cloud Gateway 4.0

Spring Cloud Gateway 4.0 is finally here! Thanks to our community contributions we have introduced new features and interesting filters. This blog post details what is new and noteworthy and explains some of the new filters included, how they work and how you can use them to provide more insights into your...

AI score 7
Exploits: 0

Hacker One
added 2016/12/20 2:36 p.m., 4020 views

Starbucks: [newscdn.starbucks.com] CRLF Injection, XSS

PoC Firefox http://newscdn.starbucks.com/%0d%0aContent-Length:35%0d%0aX-XSS-Protection:0%0d%0a%0d%0a23%0d%0a%0d%0a0%0d%0a/%2e%2e After sending the request through Firefox this query is saved in cache and using a small trick can be made to work in another browser. PoC Chrome Make sure you send...

Exploits: 0

Cvelist
added 2002/03/09 5:00 a.m., 16 views

CVE-2001-0122

Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error...

AI score 6.4, EPSS 0.05481
Exploits: 1, References: 5

CVE
added 2000/07/12 4:00 a.m., 52 views

CVE-2000-0249

The FRCA vulnerability in AIX allows local users to modify arbitrary files via the frcactrl configuration capability when the FRCA kernel module is loaded. A root-privilege escalation is possible because the setuid frcactrl enables non-root users to manipulate FRCA configuration and log files. Af...

CVSS 7.2, AI score 6.4, EPSS 0.00064
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2000/04/26 4:00 a.m., 12 views

CVE-2000-0249

The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program...

CVSS 7.2, AI score 6.3, EPSS 0.00064
Exploits: 0, References: 2