[SECURITY] [DSA 6312-1] symfony security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6312-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 31, 2026 https://www.debian.org/security/faq -...
SUSE SLES12 Security Update : python-urllib3 (SUSE-SU-2026:2065-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2065-1 advisory. This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being...
CVE-2026-40895
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-32049: denial of service attack against the websocket server (bsc1240751). CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc1258120). CVE-2026-2443: out-of-bounds read when processing specially crafted...
CVE-2026-25523
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...
EUVD-2026-5330
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...
Sensitive Information Disclosure
Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...
PT-2025-53409
CVE-2025-13074 - Apache Server Header Information Disclosure CVE ID : CVE-2025-13074 Published : Dec. 23, 2025, 6:15 p.m. | 43 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in...
PT-2025-44037
Name of the Vulnerable Software and Affected Versions: PILOS versions prior to 4.8.0. Description: PILOS, a frontend for BigBlueButton, reveals the PHP version through the X-Powered-By header. This information disclosure allows attackers to fingerprint the server and identify potential exploits. The...
EUVD-2022-7062
Malicious code in bioql PyPI...
Portainer information disclosure vulnerability
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts from Portainer Open Source. An information disclosure vulnerability exists in Portainer Community Edition versions prior to 2.31.0 and prior to 2.27.7, which stems from the fact that registering...
CVE-2025-46421 Libsoup: information disclosure, as the libsoup client sends the Authorization header to a different host when redirected by a server
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect...
Security Bulletin: Multiple vulnerabilities found in IBM TXSeries for Multiplatforms.
Summary: IBM TXSeries for Multiplatforms has been updated in order to address multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2024-56475. DESCRIPTION: IBM TXSeries for Multiplatforms is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
Security update for wget
This update for wget fixes the following issues: CVE-2021-31879: Authorization header disclosed upon redirects to different origins (bsc1185551). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online update or "zypper patch". Alternatively you...
Mutt security vulnerability
Mutt is a text-based e-mail client for Unix-like systems by Michael Elkins, an individual developer. A security vulnerability exists in Mutt, which stems from PGP encryption that does not use the --hive-recipient mode, thereby disclosing the header field of a cc'd e-mail message...
RHEL 6 : wget (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wget: Lack of filename checking allows arbitrary file upload via FTP redirect CVE-2016-4971 - wget:...
RHEL 7 : wget (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wget: Information exposure in setfilemetadata function in xattr.c CVE-2018-20483 - wget: authorization...
Fluture Node input validation error vulnerability
Fluture Node is an FP-style HTTP and stream-processing tool based on Fluture. Fluture Node suffers from a security vulnerability that stems from the fact that if the target server redirects a request to a third-party domain, the header will be included in subsequent requests and...
CVE-2021-20585
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398...
CVE-2020-11021
CVE-2020-11021 (Actions Http-Client) : The npm package @actions/http-client, prior to version 1.0.8, can disclose the Authorization header when a request with an Authorization header is redirected (302) to a different domain. The issue arises during redirects across hosts, allowing header leakage...