CVE-2026-22741

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741

CVE-2026-22741 – cache poisoning in static resources (Spring MVC/WebFlux) . When an app uses Spring MVC/WebFlux with resource chain caching enabled and encoded resource resolution, and the resource cache is empty, an attacker can poison the cache by sending crafted requests with incorrect encodin...

Security update for openCryptoki

This update for openCryptoki fixes the following issue: CVE-2026-40253: malformed BER-encoded cryptographic objects can lead to information disclosure and denial of service bsc1262283. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVE-2026-35366

A flaw was found in the printenv utility within uutils coreutils. This vulnerability allows an attacker to conceal malicious environment variables by using invalid UTF-8 byte sequences. As a result, security tools and administrators may not detect these hidden variables, which could enable...

CVE-2026-42517

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CVE-2025-10503

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CVE-2026-42517

The CVE-2026-42517 entry affects the e-Sushrut HMIS system, where a vulnerability arises from using reversible Base64 encoding to protect sensitive data. The root cause is that sensitive parameters in the request URL are Base64-encoded rather than securely protected, allowing an authenticated att...

CVE-2026-42517

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

EUVD-2025-209586

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

CVE-2025-10503

WSO2 Identity Server: CVE-2025-10503 is a reflected cross-site scripting flaw in the authentication endpoint caused by insufficient output encoding for user-supplied input. This allows injection of malicious JavaScript payloads that can redirect users, alter the UI, or retrieve information from t...

MAL-2026-3160 Malicious code in apple-internal-pki-utils (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

Exploit for Command Injection in Github Enterprise_Server

CVE-2026-3854 PoC — GitHub RCE via X-Stat Push Option Injectio...

DEBIAN-CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

PT-2026-35889

Name of the Vulnerable Software and Affected Versions e-Sushrut affected versions not specified Description e-Sushrut uses reversible Base64 encoding to protect sensitive data. An authenticated attacker can decode and manipulate Base64-encoded parameters in the request URL to gain unauthorized...

PT-2026-35879

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allo...

CDAC e-Sushrut 安全漏洞

CDAC e-Sushrut is a system platform provided by the Indian CDAC company that handles hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut. This vulnerability stems from the use of reversible Base64 encoding to protect sensitive data. It...

CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...