MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-1.el7, rh-nodejs12-nodejs-12.20.1-1.el7 (AXSA:2021-1451:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1451:01 advisory. nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 nodejs-set-value: prototype pollution in function set-value...

MiracleLinux 8 : [security - high] nodejs:16 (AXSA:2022-3898:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3898:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

MiracleLinux 7 : rh-nodejs12-nodejs-12.16.1-1.el7 (AXSA:2020-4480:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4480:02 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 nodejs: Remotely trigger an assertion on a TLS server with a...

MiracleLinux 7 : http-parser-2.7.1-8.el7.2 (AXSA:2020-4489:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4489:01 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 Tenable has extracted the preceding description block directly from th...

MiracleLinux 8 : httpd:2.4 (AXSA:2022-3127:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3127:01 advisory. httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling CVE-2022-22720 Tenable has extracted the preceding description...

CVE-2026-23744 REC in MCPJam inspector due to HTTP Endpoint exposes

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam...

MiracleLinux 4 : tomcat6-6.0.24-72.AXS4 (AXSA:2014-451:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-451:03 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Jav...

PT-2026-3321

Name of the Vulnerable Software and Affected Versions MCPJam inspector versions prior to 1.4.3 Description MCPJam inspector, a local-first development platform for MCP servers, contains a flaw that allows remote code execution RCE. The software by default listens on 0.0.0.0 instead of 127.0.0.1,...

MiracleLinux 7 : tomcat-7.0.69-11.el7 (AXSA:2017-1603:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1603:01 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Ja...

HTTP Request Smuggling

Overview io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of / in the output buffer by removeDots function in Static Handler. An attacker can prevent access to stati...

GHSA-MP2G-9VG9-F4CG h3 v1 has Request Smuggling (TE.TE) issue

I was digging into h3 v1 specifically v1.15.4 and found a critical HTTP Request Smuggling vulnerability. Basically, readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. The...

h3 v1 has Request Smuggling (TE.TE) issue

I was digging into h3 v1 specifically v1.15.4 and found a critical HTTP Request Smuggling vulnerability. Basically, readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. The...

MiracleLinux 8 : grafana-pcp-5.1.1-10.el8_10 (AXSA:2025-10022:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10022:01 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

MiracleLinux 9 : buildah-1.39.4-2.el9_6 (AXSA:2025-10547:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10547:03 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

MiracleLinux 8 : weldr-client-35.12-3.el8_10 (AXSA:2025-10404:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10404:01 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

MiracleLinux 9 : podman-5.4.0-10.el9_6 (AXSA:2025-10671:08)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10671:08 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

MiracleLinux 9 : golang-1.23.9-1.el9_6 (AXSA:2025-10534:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10534:02 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

curl: CRLF Injection in HTTP header values allows arbitrary header injection

curl allows carriage return \r and line feed \n characters inside HTTP header values. When attacker-controlled data is used in a header value e.g., Authorization: Bearer , curl construct and sends a malformed HTTP request containing injected headers. This violates HTTP specification RFC 7320 /RFC...

CVE-2026-0731

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been...

CVE-2023-43323

mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, datawallphoto, datauserShareVideo and datauserShareLink...