PT-2026-49999

Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne Human Resources Management version 9.2 Description An issue in the Human Resources component allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation can...

CVE-2026-43973

CVE-2026-43973 concerns the Erlang/Elixir library gun_http in the Gun framework. The vulnerability is an uncontrolled resource consumption: three code paths in gun_http:handle/5 accumulate TCP data into a connection buffer using binary concatenation with no upper bound. If a malicious server send...

CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

CVE-2026-43974

The CVE concerns the gun_http module of the Erlang-based Gun library (gun_http) in the Gun HTTP client. Affected versions: Gun 2.0.0 up to but not including 2.4.0. Root cause: when a 101 Switching Protocols response arrives over HTTP/1.1, Gun only validates the Upgrade header syntax and the strea...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)

An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available RHBQ 3.33.1.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

CVE-2026-38967

CVE-2026-38967 affects CrowCpp Crow through v1.3.1 HTTP and is caused by unvalidated response header values, leading to response header injection. The vulnerability has a CVSS v3.1 score of 9.8 (CRITICAL) with network attack vector, no user interaction, and impacts on confidentiality, integrity, ...

jmc security update

An update is available for jmc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced s...

RHCOS 4 : OpenShift Container Platform 4.15.55 (RHSA-2025:11352)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:11352 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

RHCOS 4 : OpenShift Container Platform 4.17.35 (RHSA-2025:10295)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10295 advisory. - podman: podman missing TLS verification CVE-2025-6032 - net/http: Request smuggling due to acceptance of invalid chunked data in...

RHCOS 4 : OpenShift Container Platform 4.12.78 (RHSA-2025:10271)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10271 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

RHCOS 4 / 8 : OpenShift Container Platform 4.11.0 (RHSA-2022:5068)

The remote Red Hat Enterprise Linux CoreOS 4 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5068 advisory. - golang.org/x/crypto: empty plaintext packet causes panic CVE-2021-43565 - golang: net/http: improper sanitization of...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2025-11143)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-11143 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differentia...

CVE-2026-23486

creationtimestamp| type| source ---|---|--- 2026-04-28 00:08:54+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-23486.yaml 2026-04-28 21:03:04+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mklibctkvh2z...

CVE-2026-34274

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007098 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

BIT-NODE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

MGASA-2026-0081 Updated thunderbird packages fix security vulnerabilities

Denial-of-service in the XML component. CVE-2025-59375 Spoofing issue in Thunderbird. CVE-2026-3889 Race condition, use-after-free in the Graphics: WebRender component. CVE-2026-4684 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4685 Incorrect boundary conditions in...

OPENSUSE-SU-2026:20301-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: - Update to version 1.25.7 jscSLE-18320 - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821 - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain bsc1256820 ...

Exploit for Improper Access Control in Oracle Http_Server

CVE-2026-21962 Concurrent WebLogic Scanner/Exploiter High-per...

CVE-2024-3231

creationtimestamp| type| source ---|---|--- 2026-02-08 10:45:23+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-3231.yaml 2026-02-11 21:03:07+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3memet7yse324...