netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

CVE-2026-12043

A flaw was found in the AWS Common Runtime aws-c-http library. A remote attacker, by operating a malicious server, could send a crafted sequence of HTTP/2 HEADERS frames that improperly handle HPACK dynamic table size updates. This could lead to memory corruption on a connecting client applicatio...

EUVD-2026-35908

JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted...

Exploit for CVE-2026-8181

EN: Controlled PoC and brief technical notes for authorized secu...

CVE-2026-42355

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

PT-2026-40355

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0 Description An uncontrolled recursion issue exists in the Electron Archive ASAR parser. When opening a specially crafted .asar file containing deeply nested JSON in the header, the...

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Carefully crafted headers may cause header parsing in Rack to take longer than expected, potentially leading to a denial-of-service issue. The Accept and Forwarded headers are affected. Ruby 3.2 includes fixes for this problem, so Rack applications tha...

Server-side Request Forgery (SSRF)

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the AxiosHeaders normalization path and shouldBypassProxy helper. An attacker can smuggle CRLF and other control characters into...

nodejs:20 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Denial of Service (DoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVE-2026-1540 Spam Protect for Contact Form 7 < 1.2.10 - Editor+ Remote Code Execution

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

CVE-2026-28356

The CVE affects the Python library multipart (fast multipart/form-data parser). Before versions 1.2.2, 1.3.1, and 1.4.0-dev, parse_options_header() uses a regex with an ambiguous alternation that can cause exponential backtracking (ReDoS) when processing malicious HTTP headers or multipart/form-d...

DEBIAN-CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

Fortinet FortiOS 环境问题漏洞

Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSL VPN, web content filtering, and...

Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...

MiracleLinux 3 : dovecot-1.0.7-7.1.0.1.AXS3 (AXSA:2011-295:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-295:01 advisory. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in eith...

SUSE-SU-2026:20028-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues: - CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks bsc1254903. - CVE-2025-67725: quadratic complexity of string concatenatio...

CVE-2008-7166

Buffer overflow in the web interface in BitTorrent 6.0.1 build 7859 and earlier, and uTorrent 1.7.6 build 7859 and earlier, allows remote attackers to cause a denial of service memory consumption and crash via a crafted Range header. NOTE: this is probably a different vulnerability than...

free5GC 安全漏洞

free5GC is a 5th Generation 5G mobile core network open source project by free5GC Open Source. A security vulnerability exists in free5GC version 4.1.0, which stems from an issue with the handling of specially crafted headers by the LocalNode.Sess function, which could result in a denial of servi...