Varnish Enterprise

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-30347 MEDIUM This Month

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Varnish Enterprise
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-30346 MEDIUM PATCH This Month

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Request Smuggling Varnish Enterprise Varnish Cache Redhat +1
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-30347
EPSS 0% CVSS 4.0
MEDIUM This Month

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Buffer Overflow Varnish Enterprise
NVD
CVE-2025-30346
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Request Smuggling Varnish Enterprise +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy