CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

[SECURITY] Fedora 43 Update: haproxy-3.0.23-2.fc43

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

[SECURITY] Fedora 44 Update: perl-HTTP-Tiny-0.094-1.fc44

This is a very simple HTTP/1.1 client, designed for doing simple GET requests without the overhead of a large framework like LWP::UserAgent. It is more correct and more complete than HTTP::Lite. It supports proxies currently only non-authenticating ones and redirection. It also correctly resumes...

GHSA-VHJM-W67Q-G75C @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

Impact When @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped. The standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside the...

Insufficiently Protected Credentials

Overview @hapi/wreck is a HTTP Client Utilities library. Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to leaking the sensitive Proxy-Authorization header across cross-hostname redirects. An attacker can obtain sensitive proxy credentials by inducing...

@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

Impact When @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped. The standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside the...

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +99 more potentially affected by CVE-2026-44646 via liquidjs (>=10.10.0 <=10.25.7)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-44646 Source advisory: OSV:GHSA-9X9P-QF8F-MVJG...

SUSE SLED15 / SLES15 Security Update : rsync (SUSE-SU-2026:2038-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2038-1 advisory. This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. -...

SUSE SLES15 Security Update : python312 (SUSE-SU-2026:2055-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2055-1 advisory. This update for python312 fixes the following issues - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF...

Amazon Linux 2 : openssh, --advisory ALAS2-2026-3320 (ALAS-2026-3320)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3320 advisory. OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. CVE-2026-35388 OpenS...

PT-2026-43476

Name of the Vulnerable Software and Affected Versions OpenStack Swift versions 2.36.0 through 2.36.1 OpenStack Swift versions 2.37.0 through 2.37.1 Description The s3api middleware contains a flaw where the StreamingInput class enters an infinite loop when processing a truncated aws-chunked PUT...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the Proxy component’s ability to reuse resources after they were released, potentially allowing remote attackers...

PT-2026-43631

Impact When @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped. The standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside the...

PT-2026-44008

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.15.0 Description A cookie injection issue exists due to a shared module-level HTTP client used across all users in the reverse proxy endpoint. This allows remote attackers who control any HF Space to return a...

PT-2026-44596

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in the Proxy component. This allows a remote attacker to execute arbitrary code by utilizing a specially crafted PAC Proxy Auto-Config script, which is a...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2026-118 (ALASECS-2026-118)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-118 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-122 (ALASDOCKER-2026-122)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-122 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-123 (ALASDOCKER-2026-123)

The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-123 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C...

Amazon Linux 2023 : golist (ALAS2023-2026-1742)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1742 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...