CLSA-2026-1774622460 squid: Fix of 3 CVEs

CVE-2025-59362: fix ASN.1 encoding of long SNMP OIDs - CVE-2026-33526: do not escape malformed URI twice when sending ICP errors - CVE-2026-33515: fix validation of ICP packet sizes and URLs...

BIT-GITLAB-2026-2973 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in...

CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

Interpretation Conflict

github.com/traefik/traefik is vulnerable to Interpretation Conflict. The vulnerability is due to improper path normalization when handling Path, PathPrefix, or PathRegex matchers, which allows an attacker to use URL-encoded characters to bypass middleware and access unintended backend services...

[SECURITY] Fedora 43 Update: rust-asn1-0.22.0-1.fc43

ASN.1 DER parser and writer for Rust...

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.132.Final and 4.2.10.Final contained environmental issues. These issues were caused by...

CVE-2026-33911

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter title is reflected back in a JSON response built with jsonencode. Because the response is served with a text/html Content-Type, the browser...

CVE-2026-33148

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling in the parsing of quoted strings within chunked transfer encoding extension values. An attacker can inject arbitrary HTTP requests into a connection by crafting chunk extensions containing carriage return or line...

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in the parsing of quoted strings within chunked transfer encoding...

GHSA-PWQR-WMGM-9RR8 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Summary Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Background This vulnerability is a new variant discovered during research into the "Funky Chunks" HTTP request smuggling techniques: - - The original researc...

CVE-2026-2973

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in...

CVE-2026-32031

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending reques...

CVE-2026-31381

An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...

CVE-2026-0809

Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF Krajowy System e-Faktur token to be guessed after analyzing how tokens with know values are encoded. This issue was fixed in version 20.0.380.92...

CVE-2026-32811

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. Envoy splits t...

CVE-2026-33024

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vulnerability CWE-918 in the public thumbnail endpoints getImage.php and getImageMP4.php. Both endpoints accept a base64Url GET parameter, base64-decode it, and pass the resulting URL to ffmpeg as an...

CVE-2026-31846

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...

CLSA-2026-1774528630 openssh: Fix of 3 CVEs

CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...

HTTP Request Smuggling

Next.js is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of Transfer-Encoding: chunked and Content-Length headers during proxy rewrites, which allows an attacker to craft malicious DELETE/OPTIONS requests and smuggle unauthorized requests to unintended backen...