103597 matches found
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request Smuggling Vulnerability in Netty (CVE-2026-33870)
Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the Server/Agent/Relay communication system. CVE-2026-33870. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...
CVE-2026-58477
Sustainable Irrigation Platform SIP through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to...
ROOT-APP-MAVEN-CVE-2026-42584 CVE-2026-42584 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2026-42584 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-42587 CVE-2026-42587 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2026-42587 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-67735 CVE-2025-67735 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2025-67735 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-33870 CVE-2026-33870 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2026-33870 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-42580 CVE-2026-42580 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2026-42580 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-42581 CVE-2026-42581 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2026-42581 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-41417 CVE-2026-41417 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2026-41417 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-42585 CVE-2026-42585 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2026-42585 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
CVE-2026-58319
Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...
CVE-2026-6790
In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...
EUVD-2026-43646
In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...
CVE-2026-59246 Zero-length HTTP/2 CONTINUATION frames bypass Mint's header-block byte-size cap and exhaust client memory
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...
EUVD-2026-43643
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...
CVE-2026-58229
The CVE-2026-58229 issue affects the Elixir Mint HTTP client. Mint.HTTP1.decode_headers/5 and Mint.HTTP1.decode_trailer_headers/4 accumulate all parsed response headers and trailer fields into a request.headers_buffer without a cap, and decoding uses unlimited per-line/packet limits. A malicious ...
CVE-2026-12606
Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...
CVE-2026-15075
In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...
McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...
osTicket < v1.16.6 - Cross-Site Scripting
Cross-site Scripting XSS - Generic in GitHub repository osticket/osticket prior to v1.16.6. id: CVE-2023-1318 info: name: osTicket v1.16.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS - Generic in GitHub repository osticket/osticket prior to...