VYPR

Vendor: Cloudflare
Products: 24
CVEs: 49
Across products: 52
Status: Private


Recent CVEs (49)
  • CVE-2026-1664 · Med · Feb 3, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Summary: An Insecure Direct Object Reference has been found to exist in the `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentName and agentId without…

  • CVE-2026-1721 · Med · Feb 13, 2026
    risk 0.33 · cvss n/a · epss 0.00

    Summary: A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary…

  • CVE-2025-8556 · Low · Aug 6, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.

  • CVE-2021-3910 · Med · Nov 11, 2021
    risk 0.22 · cvss 4.4 · epss 0.01

    OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).

  • CVE-2025-59427 · Low · Sep 19, 2025
    risk 0.12 · cvss n/a · epss 0.00

    The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret…

  • CVE-2026-11941 · Jun 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The `quiche_connection_id_iter_next` and `quiche_conn_retired_scid_next` functions would return a pointer to a `ConnectionId` to the applications via…

  • CVE-2026-1229 · Feb 24, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3…

  • CVE-2026-0933 · Jan 20, 2026
    risk 0.00 · cvss n/a · epss 0.01

    Summary: A command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with…

  • CVE-2025-13353 · Dec 2, 2025
    risk 0.00 · cvss n/a · epss 0.00

    In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The…

  • CVE-2025-7054 · Aug 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-5…

  • CVE-2025-4821 · Jun 18, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Impact: Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a…

  • CVE-2025-4820 · Jun 18, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Impact: Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a…

  • CVE-2025-4366 · May 22, 2025
    risk 0.00 · cvss n/a · epss 0.00

    A request smuggling vulnerability identified within Pingora's proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: …

  • CVE-2025-4144 · May 1, 2025
    risk 0.00 · cvss n/a · epss 0.00

    PKCE was implemented in the OAuth implementation in workers-oauth-provider, which is part of the MCP framework (https://github.com/cloudflare/workers-mcp). However, it was found that an attacker could cause the check to be skipped. Fixed in: …

  • CVE-2025-4143 · May 1, 2025
    risk 0.00 · cvss n/a · epss 0.00

    The OAuth implementation in workers-oauth-provider, which is part of the MCP framework (https://github.com/cloudflare/workers-mcp), did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: …

  • CVE-2021-3978 · Jan 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service) this could allow…

  • CVE-2024-1410 · Mar 12, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection identifiers (IDs); see RFC 9000 Section 5.1…

  • CVE-2024-1765 · Mar 12, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly…

  • CVE-2023-7080 · Dec 29, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and…

  • CVE-2023-7079 · Dec 29, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also…