Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...

CVE-2026-5673

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI Audio Video Interleave parser, specifically in the aviparseinputfile function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a...

CVE-2026-1540

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

EUVD-2026-18128

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

CVE-2026-1540

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

CVE-2026-1540

The CVE-2026-1540 entry concerns the WordPress plugin Spam Protect for Contact Form 7. Versions before 1.2.10 are affected. Vulnerability: Logging data to a PHP file creates a potential Remote Code Execution (RCE) path when an attacker with editor access can craft headers to trigger code executio...

PT-2026-29683

CVE-2026-1540 The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code… https://t.co/IMmhcpMAZ9...

Uncaught Exception

Overview Haraka is an email server with a modular plugin architecture. Affected versions of this package are vulnerable to Uncaught Exception in the header parsing. An attacker can cause the server process to crash by sending an email with a specially crafted header name such as proto, which...

Denial Of Service (DoS)

Nodemailer is vulnerable to a denial of service DoS. The vulnerability is due to improper handling of a crafted email address header that triggers infinite recursion in the address parser, which allows an attacker to exhaust resources and disrupt service availability...

CVE-2025-55018

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

CVE-2025-55018

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

CVE-2025-55018

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

CVE-2025-55018

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

MiracleLinux 3 : procmail-3.22-17.1.2.0.1 (AXSA:2014-528:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-528:01 advisory. Description: Procmail can be used to create mail-servers, mailing lists, sort your incoming mail into separate folders/files real convenient when subscribing ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001983)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001983 advisory. The ieee80211radiotapiteratorinit function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of t...

CVE-2026-22198

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting XSS vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value for example, to /api/v1/ticket.php, an unauthenticated attacker can cause...

CVE-2026-22198

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting XSS vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value for example, to /api/v1/ticket.php, an unauthenticated attacker can cause...

CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

UBUNTU-CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

EUVD-2025-204250

Nodemailer is vulnerable to DoS through Uncontrolled Recursion...