Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in encoding/asn1 (CVE-2025-58185)

Summary IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in encoding/asn1, caused by an issue which allows parsing of a maliciously crafted DER payload that could allocate large amounts of memory CVE-2025-58185. Encoding/asn1 is used in our speech-utilitie...

CVE-2026-2404

CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /jsecurity check request payload...

EUVD-2025-209440

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVE-2026-2404

CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /jsecurity check request payload...

CVE-2026-2404

CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /jsecurity check request payload...

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

CVE-2025-8095

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVE-2025-8095 Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVE-2025-8095

CVE-2025-8095 describes a vulnerability in the OECH1 prefix encoding used by the OpenEdge platform. The encoding is cryptographically weak and unsuitable for stored encodings or enterprise applications; OECH1 should be considered exploitable and immediately replaced with a supported prefix encodi...

CVE-2025-8095

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVE-2025-8095 Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVE-2026-2332

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

UBUNTU-CVE-2026-2332

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

HTTP Request Smuggling

Overview org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the HTTP/1.1 parser HttpParser.java. An attacker can inject additional HTTP requests with chunked transfer encoding with improperly terminat...

USN-8174-1 libxml-parser-perl vulnerabilities

It was discovered that XML::Parser incorrectly handled certain multi-byte UTF-8 characters. If a user or automated system were tricked into processing specially crafted XML data, a remote attacker could use this issue to cause XML::Parser to crash, resulting in a denial of service or to possibly...

MINI-H264-V6XQ-9GFG

Bulletin has no description...

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

PT-2026-32625

Name of the Vulnerable Software and Affected Versions OpenEdge affected versions not specified Description The OECH1 prefix encoding, used to obfuscate values across the platform, is cryptographically weak. This makes it unsuitable for enterprise applications and stored encodings, as the...

Medium: libvncserver

Issue Overview: LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking i...

Progress OpenEdge 安全漏洞

Progress OpenEdge is an enterprise-level application development and database management platform provided by the American company Progress. There is a security vulnerability in Progress OpenEdge, which stems from the weak encryption strength of the OECH1 prefix encoding. This vulnerability may...