Vulnerabilities > Varnish Software > Varnish Enterprise
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-21 | CVE-2025-30346 | HTTP Request Smuggling vulnerability in multiple products Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. | 4.8 |
| 2025-03-21 | CVE-2025-30347 | Out-of-bounds Read vulnerability in Varnish-Software Varnish Enterprise 6.0.13 Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects. | 7.5 |
| 2023-08-23 | CVE-2023-41104 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Varnish-Software Varnish Enterprise and Vmod Digest libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. | 6.5 |