CLSA-2026-1778858907 mod_proxy_cluster: Fix of 2 CVEs

CVE-2023-6710: stored XSS in modcluster-manager HTML output via virtual host and context names rendered without HTML escaping - CVE-2024-10306: unauthorized MCMP requests due to directive being ignored for protocol-handler filtering; runtime guard now refuses siblings of EnableMCPMReceive, and...

PT-2025-33862 · Unknown · Nginx-Defender

Name of the Vulnerable Software and Affected Versions: nginx-defender versions prior to 1.5.0 Description: nginx-defender deployments are susceptible to a configuration issue due to the presence of default credentials in example configuration files, such as config.yaml and docker-compose.yml. The...