324 matches found
CVE-2026-5078
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...
PT-2026-45901
Name of the Vulnerable Software and Affected Versions: morgan versions 1.2.0 through 1.10.1. Description: The logging middleware fails to neutralize control characters when the :remote-user token extracts the Basic auth username from the Authorization request header. An unauthenticated attacker can...
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016661)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016661 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE...
PT-2026-40607
Name of the Vulnerable Software and Affected Versions: bandit versions 1.4.0 through 1.11.0. Description: An unauthenticated remote attacker can cause a denial of service via memory exhaustion. The read_data/2 function in Elixir.Bandit.HTTP1.Socket ignores the :length option when processing HTTP/1...
CVE-2026-42645
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery. This issue affects Barcode Scanner with Inventory & Order Manager: fro...
EUVD-2026-26715
Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion...
CVE-2026-39805
Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':get_content_length/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...
CVE-2026-39805
CVE-2026-39805 describes an HTTP request smuggling flaw in Elixir Bandit (bandit) due to Bandit.Headers:get_content_length/1 using List.keyfind/3. If a request carries two Content-Length headers with different values, Bandit may read the body using the first value and dispatch the remaining bytes...
CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit
Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':get_content_length/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...
EEF-CVE-2026-42786 WebSocket fragmented message reassembly unbounded in bandit
Summary: Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handle_frame/3 in lib/bandit/websocket/connection.ex appends ever...
CVE-2026-42786 WebSocket fragmented message reassembly unbounded in bandit
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handle_frame/3 in lib/bandit/websocket/connection.ex appends every incomi...
Bandit Security Vulnerability
Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit versions 0.5.9 through 1.11.0 and earlier, which stems from an unrestricted resource allocation when WebSocket permessage-deflate compression is enabled, whic...
Bandit Security Vulnerability
Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit version 0.5.0 through versions prior to 1.11.0, which stems from a fragment reorganization path in a WebSocket connection that does not set a size cap on the...
PT-2026-36543
Name of the Vulnerable Software and Affected Versions: bandit versions 0.5.0 through 1.10.x. Description: An allocation of resources without limits or throttling allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in the handle_frame/3 function within...
Bandit Environment Issue Vulnerability
Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. An environmental issue vulnerability exists in Bandit versions prior to 1.11.0, which stems from inconsistent handling of duplicate Content-Length headers and could lead to HTTP request entrapment...
CVE-2025-60889
Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts...
CVE-2026-42645
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery. This issue affects Barcode Scanner with Inventory & Order Manager: fro...
CVE-2026-42645
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery. This issue affects Barcode Scanner with Inventory & Order Manager: fro...
WordPress Plugin Barcode Scanner with Inventory & Order Manager Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-60889
The CVE-2025-60889 entry concerns StellarGroup HPX 1.11.0 and a vulnerability in insecure deserialization of untrusted input. Under certain conditions, this could allow an attacker to execute arbitrary code or cause other unspecified impacts. The documents do not provide specific vulnerable compo...