CVE-2026-42587

Netty CVE-2026-42587 affects HttpContentDecompressor and DelegatingDecompressorFrameListener. Before 4.2.13.Final and 4.1.133.Final, maxAllocation is enforced for gzip/deflate but ignored for br, zstd, or snappy, allowing an attacker to bypass the decompression limit via Content-Encoding: br and ...

RHEL 7 : python-s3transfer (RHSA-2026:2911)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:2911 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

RLSA-2026:1239 Important: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: urllib3: urllib3: Unbounded decompression chain leads to resource...

CVE-2026-24673

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside ZIP archives and extracting them using the...

Fedora: Security Advisory (FEDORA-2026-724d1b1044)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-37168

CVE-2024-37168 affects @grpc/grpc-js (pure JavaScript implementation of gRPC). Before the fixes, two code paths could buffer or decompress messages that exceed grpc.max_receive_message_length, potentially causing memory allocation in excess of the limit. This could occur when a message arrives la...