CLSA-2026-1770310264 java-1.8.0-openjdk: Fix of 3 CVEs

Upgrade to shenandoah-jdk8u482-b08 GA fixing the following CVE: - CVE-2026-21945: enhance certificate checking - CVE-2026-21925: improve JMX connections - CVE-2026-21933: improve HttpServer request handling...

CLSA-2026-1775779143 java-11-openjdk: Fix of 5 CVEs

Upgrade to openjdk-11.0.30+7 GA. The following CVEs were fixed: - CVE-2026-21945: enhance Certificate Checking - CVE-2026-21933: improve HttpServer Request handling - CVE-2026-21925: improve JMX connections - CVE-2025-65018: fix LIBPNG heap buffer overflow - CVE-2025-64720: fix LIBPNG buffer...

MAL-2026-2714 Malicious code in @gameforge/http-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5c80f200c1cbaa194dfc83e5a8c911c182ff110b7451512013646d9414429b4 The package @gameforge/http-server was found to contain malicious code...

Malicious code in @gameforge/http-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5c80f200c1cbaa194dfc83e5a8c911c182ff110b7451512013646d9414429b4 The package @gameforge/http-server was found to contain malicious code...

@adonisjs/http-server 安全漏洞

@adonisjs/http-server is an HTTP server framework based on Node.js, open-sourced by the AdonisJS Framework. Versions of @adonisjs/http-server prior to 7.8.1, as well as versions 8.0.0-next.0 to 8.1.3, along with @adonisjs/core version 7.4.0 and earlier, have security vulnerabilities. These...

CVE-2026-33096

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2026-32776, CVE-2026-32777, CVE-2026-32778]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2026-32776, CVE-2026-32777, CVE-2026-32778 Vulnerability Details Refer to the security bulletins listed in th...

@adonisjs/core (>=5.0.5-canary-rc-1 <=6.1.5-26), @djpfs/adonisjs-microservices (>=1.0.1 <=2.0.1) +34 more potentially affected by CVE-2026-40255 via @adonisjs/http-server (>=5.12.0 <=6.8.2-14)

@adonisjs/http-server NPM version =5.12.0, =5.0.5-canary-rc-1, =1.0.1, =1.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.5 and more Source cves: CVE-2026-40255 Source advisory: OSV:GHSA-6QVV-PJ99-48QM...

@adonisjs/http-server has an Open Redirect vulnerability

Impact The response.redirect.back method in @adonisjs/http-server is vulnerable to open redirects. The method reads the Referer header from the incoming HTTP request and redirects to that URL without validating the host. An attacker who can influence the Referer header for example, by linking a...

Open Redirect

Overview @adonisjs/http-server is an AdonisJS HTTP server with support packed with Routing and Cookies Affected versions of this package are vulnerable to Open Redirect via the response.redirect.back function. An attacker can redirect users to malicious external sites by manipulating the Referer...

GHSA-6QVV-PJ99-48QM @adonisjs/http-server has an Open Redirect vulnerability

Impact The response.redirect.back method in @adonisjs/http-server is vulnerable to open redirects. The method reads the Referer header from the incoming HTTP request and redirects to that URL without validating the host. An attacker who can influence the Referer header for example, by linking a...

CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

CVE-2026-40188

goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4...

CVE-2026-40086

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can...

CVE-2026-40086 Rembg has a Path Traversal via Custom Model Loading

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can...

Vulnerabilities fixed in Synology SSL VPN Client

Synology has fixed vulnerabilities in Synology SSL VPN Client. A malicious party can exploit these vulnerabilities because Synology SSL VPN Client with version before 1.4.5-0684 stores PINs insecurely and does not adequately shield files via a local HTTP server component. This can lead to...

CVE-2021-47960

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

CVE-2021-47960

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

CVE-2021-47960

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

PT-2026-31984

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model path parameter, an attacker can...