CVE-2026-31842

Tinyproxy 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive Transfer-Encoding check in is_chunked_transfer() (strcmp against "chunked"). RFC 7230 requires case-insensitive transfer-coding names. An unauthenticated attacker sending Transfer-Encoding: Chunked ca...

CVE-2026-31842

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

CVE-2026-31842

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

Linux Distros Unpatched Vulnerability : CVE-2026-31789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A...

dbt 操作系统命令注入漏洞

Dbt is a data encoding tool open source by Dbt Labs. Dbt has a vulnerability related to operating system command injection. This vulnerability arises from directly inserting text controlled by the attacker into shell syntax without escaping it, which may lead to the execution of arbitrary shell...

Linux Distros Unpatched Vulnerability : CVE-2026-33033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by...

PT-2026-30894

Name of the Vulnerable Software and Affected Versions Emissary versions prior to 8.39.0 Description Emissary is a P2P based data-driven workflow engine. Prior to version 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that...

PT-2026-30811

Name of the Vulnerable Software and Affected Versions Tinyproxy versions 1.0 through 1.11.3 Description An issue exists in the way the Transfer-Encoding header is parsed in src/reqs.c. The is chunked transfer function uses strcmp to compare the header value against "chunked", failing to account f...

PT-2026-30850

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.29, 5.2 through 5.2.12, and 6.0 through 6.0.3 Description The MultiPartParser component is susceptible to performance degradation when processing multipart uploads containing Content-Transfer-Encoding: base64 wi...

Emissary 路径遍历漏洞

Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a path traversal vulnerability. This vulnerability stemmed from the use of a blacklist method to validate configuration names in the configuration...

RHEL 8 : freerdp (RHSA-2026:6764)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6764 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

CVE-2026-35180

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35180 due to a CSRF vulnerability in the site customization endpoint (admin/customize_settings_nativeUpdate.json.php) that lacks CSRF validation and writes uploaded logo files to disk before ORM domain checks. Combined with SameSite=No...

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

Improper Encoding or Escaping of Output

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the Website field in the supplier component. An attacker can execu...

EUVD-2026-19350

vLLM is an inference and serving engine for large language models LLMs. From 0.7.0 to before 0.19.0, the VideoMediaIO.loadbase64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The numframes...

is-localhost-ip 2.0.0 - SSRF

Titles: is-localhost-ip 2.0.0 - SSRF Author: nu11secur1ty Date: 11/09/2025 Vendor: https://github.com/tinovyatkin/is-localhost-ip Software: https://github.com/tinovyatkin/is-localhost-ip/releases/tag/v2.0.0 Reference: https://portswigger.net/web-security/ssrf Description: SSRF PoC — Professional...

Improper Privilege Management

ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and output encoding of user-controlled profile name input, which allows an attacker to inject and execute malicious JavaScript in application views...

Linux Distros Unpatched Vulnerability : CVE-2026-34230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with...

SUSE SLES12 Security Update : perl-Crypt-URandom (SUSE-SU-2026:1170-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1170-1 advisory. This update for perl-Crypt-URandom fixes the following issue: Update to 0.550.0 0.55: - CVE-2026-2474: heap buffer overflow in the XS function...

Linux Distros Unpatched Vulnerability : CVE-2026-34786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types agains...