BIT-THRIFT-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

BIT-APACHE-2026-28780 Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

...

Apache HTTP Server: mod_md unrestricted OCSP response

...

Apache HTTP Server: mod_dav_lock indirect lock crash

...

Apache HTTP Server: mod_authn_socache crash

...

Apache HTTP Server: mod_auth_digest timing attack

...

Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

...

Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.27. Security issues fixed: CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser differentials and WAF bypass bsc1261398. CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead t...

MGASA-2026-0120 Updated perl-Starlet packages fix security vulnerability

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...

Updated perl-Starlet packages fix security vulnerability

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...

MGASA-2026-0111 Updated nginx packages fix security vulnerabilities

Buffer overflow in ngxhttpdavmodule CVE-2026-27654 Buffer overflow in the ngxhttpmp4module CVE-2026-27784 Buffer overflow in the ngxhttpmp4module CVE-2026-32647 NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651 Injection in authhttp and XCLIENT CVE-2026-28753 OCSP result bypass...

Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion

Summary Bandit's HTTP/2 parser checks frame size after it has already buffered the full body, instead of when it sees the 9-byte header. A peer can announce a 16 MiB frame on a connection that agreed to 16 KiB frames and the server will silently buffer up to 1024× the agreed budget per connection...

EUVD-2026-26716

Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion...

GHSA-375F-4R2H-F99J Bandit trusts client-supplied URI scheme on plaintext connections

Summary Bandit reflects the client-supplied URI scheme into conn.scheme without verifying the actual transport. Over a plaintext HTTP/1.1 connection or h2c, an unauthenticated attacker can send an absolute-form request target like GET https://victim/path HTTP/1.1 and the application observes...

EUVD-2026-26714

Bandit trusts client-supplied URI scheme on plaintext connections...

EUVD-2026-26712

Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate Content-Length header...

Open Redirect

Overview microsoft-kiota-http is a python HTTP implementation with HTTPX library. Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and API keys by inducing a...

adk-utils (=0.0.1), admyral (>=0.1.0 <=0.1.43) +95 more potentially affected by CVE-2026-44503 via microsoft-kiota-http (>=1.10.1 <=1.9.2)

microsoft-kiota-http PYPI version =1.10.1, =0.1.0, =0.2.9, =0.2.9, =0.2.9, =20221202.9.0, =0.2.0, =10.1.0, =3.0.1, =3.0.1, =0.1.1, =0.2.1, =0.1.0, =2.0.0 and more Source cves: CVE-2026-44503 Source advisory: SNYK:PYTHON-MICROSOFTKIOTAHTTP-16699940...

adk-utils (=0.0.1), admyral (>=0.1.0 <=0.1.43) +101 more potentially affected by CVE-2026-44503 via microsoft-kiota-http (>=0.4.4 <=1.9.2)

microsoft-kiota-http PYPI version =0.4.4, =0.1.0, =0.2.9, =0.2.9, =0.2.9, =20221202.9.0, =0.2.0, =10.1.0, =2.4.2, =2.4.2, =3.0.1, =0.1.1, =0.2.0 and more Source cves: CVE-2026-44503 Source advisory: OSV:GHSA-7J59-V9QR-6FQ9...