403 matches found
Amazon Linux 2023 : nerdctl (ALAS2023-2026-1401)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1401 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
CLEANSTART-2026-IA37596 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines
Multiple security vulnerabilities affect the consul-k8s-fips package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...
Security update for nodejs22
This update for nodejs22 fixes the following issues: Security fixes: CVE-2026-22036: Fixed unbounded decompression chain in HTTP response leading to resource exhaustion bsc1256848 CVE-2026-21637: Fixed synchronous exceptions thrown during callbacks that bypass TLS error handling and causing denia...
Oracle Primavera Gateway (January 2026 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Apache Log4j. Supported versions that ar...
PT-2026-3674
Name of the Vulnerable Software and Affected Versions: Oracle Utilities Application Framework versions 4.4.0.3.0 through 4.5.0.2.0; Oracle Utilities Application Framework versions 25.4 and 25.10. Description: A flaw exists within the Oracle Utilities Application Framework component of Oracle Utilitie...
MiracleLinux 8 : container-tools:3.0 (AXSA:2022-4431:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4431:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 cri-o: memory exhaustion on the node when access to the kube api...
Oracle PeopleSoft security vulnerabilities
Oracle PeopleSoft is a corporate human capital management solution developed by Oracle Corporation in the United States. This product offers functions such as human capital management, financial management, and supplier relationship management. PeopleSoft Enterprise PeopleTools is a tool and...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2025-9997:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9997:01 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block direct...
CVE-2021-28937
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 28.08.06.1 contains the administrator account password in plaintext. The page can be intercepted on HTTP...
CVE-2019-2768
Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI...
CVE-2019-2896
Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications component: Internal Operations. Supported versions that are affected are 7.1.0, 15.0.0, 16.0.0, 17.0.0, and 18.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP...
CVE-2019-2878
Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: HTTP data path subsystems. The supported version that is affected is 8.8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromis...
CVE-2019-2704
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: IPS Package Manager. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris. Successfu...
CVE-2020-10827
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...
CVE-2021-2272
Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite component: Inquiries. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting...
CVE-2025-15284 arrayLimit bypass in bracket notation allows DoS via memory exhaustion
Improper Input Validation vulnerability in qs parse modules allows HTTP DoS. This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a[]=1&a[]=2, only for indexed notation a[0]=1. This is a consistency bug; arrayLimit should apply uniformly across a...
CVE-2024-3469
creationtimestamp | type | source
---|---|---
2025-12-24 19:20:31+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-3469.yaml
2025-12-28 21:02:59+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mb37traf3v22...
CVE-2017-17762
creationtimestamp | type | source
---|---|---
2025-12-18 05:19:12+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2017/CVE-2017-17762.yaml
2025-12-18 21:03:00+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mac36lei5a2l
2026-01-15...
TencentOS Server 3: go-toolset:rhel8 (TSSA-2025:0457)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0457 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...