[SECURITY] Fedora 43 Update: cpp-httplib-0.38.0-1.fc43

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1525)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1525 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 request...

PT-2026-29602

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP, an asynchronous HTTP client/server framework, is susceptible to excessive memory usage due to an unbounded DNS cache. This can potentially lead to a Denial of Service DoS situation if an...

PT-2026-29603

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. An attacker controlling the content type parameter in aiohttp could inject extra headers or similar exploits. If an...

JeecgBoot 安全漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions of JeecgBoot from 3.0.0 to 3.5.3 have security vulnerabilities. These vulnerabilities stem from lax character filtering, which could allow attackers to execute arbitrary code o...

IBM Verify Identity Access Container和IBM Verify Identity Access 环境问题漏洞

IBM Verify Identity Access Container and IBM Verify Identity Access are products of IBM Corporation. IBM Verify Identity Access Container is a containerized software that provides authentication and authorization functions for applications. IBM Verify Identity Access is an enterprise-level securi...

PT-2026-29610

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description Multiple Host headers were permitted in AIOHTTP, potentially allowing a reverse proxy's security rules to be bypassed. This could lead to a request being processed by AIOHTTP in a privileged sub...

Amazon Linux 2023 : python3.13-tornado (ALAS2023-2026-1528)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1528 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for head...

CVE-2024-40489

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

PT-2026-29619

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

PT-2026-29547

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

SUSE CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...

SUSE CVE-2026-24030

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...

CVE-2026-32696

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

DEBIAN-CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

Security update for python-tornado

This update for python-tornado fixes the following issues: CVE-2025-67724: missing validation of the supplied reason phrase bsc1254903. CVE-2025-67725: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254905. CVE-2026-31958: parsing large multipa...

CVE-2026-34441 cpp-httplib: HTTP Request Smuggling via Unconsumed GET Request Body

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

CVE-2026-34441

cpp-httplib (C++11 single-file header-only HTTP/HTTPS library) is vulnerable to HTTP Request Smuggling prior to version 0.40.0. The server’s static file handler serves GET responses without consuming the request body, so on HTTP/1.1 keep-alive connections unread body bytes remain on the TCP strea...

CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

EUVD-2026-17672

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...