CVE-2026-41171 SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient

Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery SSRF vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions getJSON, request, etc.. An authenticate...

CVE-2026-41171 SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient

Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery SSRF vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions getJSON, request, etc.. An authenticate...

@ainsleydev/payload-helper (>=0.0.1 <=0.0.2), @bsct/payload (=1.0.0) +97 more potentially affected by CVE-2026-41683 via i18next-http-middleware (>=1.0.4 <=3.9.2)

i18next-http-middleware NPM version =1.0.4, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.2, =0.1.1, =8.0.0, =3.0.0, =1.0.0, =1.0.6, =1.0.8 and more Source cves: CVE-2026-41683 Source advisory: OSV:GHSA-C3H8-G69V-PJRG...

HTTP Response Splitting

Overview i18next-http-middleware is an i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Affected versions of this package are vulnerable to HTTP Response Splitting via the lng parameter, which is passed through to the...

@ainsleydev/payload-helper (>=0.0.1 <=0.0.2), @bsct/payload (=1.0.0) +94 more potentially affected by CVE-2026-41683 via i18next-http-middleware (>=3.0.2 <=3.9.2)

i18next-http-middleware NPM version =3.0.2, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.2, =0.1.1, =8.0.0, =3.0.0, =1.0.0, =1.0.6, =1.0.8 and more Source cves: CVE-2026-41683 Source advisory: SNYK:JS-I18NEXTHTTPMIDDLEWARE-16415527...

i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header

Summary Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...

org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

UBUNTU-CVE-2026-6019

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service

Summary A memory leak vulnerability in the free5GC PCF Policy Control Function allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a router.Use call inside an...

GHSA-98CP-84M9-Q3QP free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service

Summary A memory leak vulnerability in the free5GC PCF Policy Control Function allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a router.Use call inside an...

CVE-2026-41468

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript executi...

CVE-2026-41468 Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript executi...

SUSE-SU-2026:21289-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: improper validation when matching a received body length to a previously announced Content-Length can lead to request smuggling due to HTTP/3 parser desynchronization bsc1262103...

@armenak/aa (=1.0.1), @armenak/ui-kit (>=1.0.0 <=1.0.5) +73 more potentially affected by CVE-2026-41691 via i18next-http-backend (>=3.0.1 <=3.0.4)

i18next-http-backend NPM version =3.0.1, =1.0.0, =1.0.2, =3.12.2-pre.0a3e0d524e, =3.2.9, =3.2.9, =10.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =3.42.3, =3.8.2, =3.7.3, =3.7.11 - @eternal-baguette/sample-component =0.0.3 and more Source cves: CVE-2026-41691 Source advisory:...

i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns

Summary Versions of i18next-http-backend prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL template without any encoding, validation, or path sanitisation. When an application exposes the language-code selection to user-controlled input the defau...

Directory Traversal

Overview org.webjars.npm:i18next-http-backend is an i18next-http-backend is a backend layer for i18next using in Node.js, in the browser and for Deno. Affected versions of this package are vulnerable to Directory Traversal or other URL manipulation, via unsanitized interpolation of lng and ns...

@ainsleydev/payload-helper (>=0.0.1 <=0.0.2), @bsct/payload (=1.0.0) +97 more potentially affected by CVE-2026-41690 via i18next-http-middleware (>=1.0.4 <=3.9.2)

i18next-http-middleware NPM version =1.0.4, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.2, =0.1.1, =8.0.0, =3.0.0, =1.0.0, =1.0.6, =1.0.8 and more Source cves: CVE-2026-41690 Source advisory: OSV:GHSA-5FGG-JCPF-8JJW...

i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters

Summary Versions of i18next-http-middleware prior to 3.9.3 pass user-controlled lng and ns parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF. The vulnerable entry points are unauthenticated HTTP...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the HTTP vhost routing process when routeByHTTPUser is used for access control. An attacker can gain unauthorized access to protected backend services by sending proxy-style requests that use a known or guesse...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of AsyncHttpClient

Summary Due to use of AsyncHttpClient, DevOps Test Performance and Rational Performance Tester contain a potential vulnerability where Authorization/Proxy-Authorization headers are improperly leaked. Vulnerability Details CVEID:CVE-2026-40490 DESCRIPTION: The AsyncHttpClient AHC library allows Ja...