736 matches found
CVE-2026-23318
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UACVERSION2, while it should have been UACVERSION3. This...
CVE-2026-23318
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UACVERSION2, while it should have been UACVERSION3. This...
PT-2026-28126
Name of the Vulnerable Software and Affected Versions IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 Description The software is susceptible to HTTP header injection due to inadequate input validation of the HOST headers. This could enable an attacker to perform various...
IBM InfoSphere Information Server 安全漏洞
IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for data quality governance, data integration and master data management. A security vulnerability exists in IBM InfoSphere Information Server that stems from improper validation of HOST header input. An attacke...
EUVD-2026-15002
HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...
CVE-2026-21790
HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...
CVE-2026-21790 HCL Traveler is susceptible to a weak default HTTP header validation vulnerability
HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...
CVE-2026-21790
HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...
CVE-2026-21790 HCL Traveler is susceptible to a weak default HTTP header validation vulnerability
HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...
CVE-2026-21790
HCL Traveler is affected by CVE-2026-21790, a weak default HTTP header validation vulnerability that could allow bypassing authentication checks. The CVSS v3.1 base score is 6.3 (MEDIUM), with network attack vector, low attack complexity, and privileges required. The impact is low for confidentia...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Undertow
Summary Multiple vulnerabilities in Undertow that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-3884 DESCRIPTION: A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the...
CVE-2026-33252
A flaw was found in the Go MCP SDK's Streamable HTTP transport, which uses Go's standard encoding/json package. In deployments without authorization, a remote attacker can exploit this Cross-Site Request Forgery CSRF vulnerability. By sending browser-generated cross-site POST requests to a local...
PT-2026-27498
HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...
HCL Traveler 安全漏洞
HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. HCL Traveler has a security vulnerability that stems from weak HTTP header validation, which can be exploited by an attack...
CVE-2026-32913
OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensitive headers like X-Api-Key and Private-Token intend...
CVE-2026-32913
OpenClaw prior to version 2026.3.7 has an improper header validation in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. This allows an attacker to trigger redirects to different origins and intercept headers such as X-Api-Key and Private-Token intended...
EUVD-2026-14599
OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensitive headers like X-Api-Key and Private-Token intend...
PT-2026-26779
Name of the Vulnerable Software and Affected Versions Ory Oathkeeper affected versions not specified Description Ory Oathkeeper, when deployed behind components like CDNs or reverse proxies, may incorrectly evaluate rules due to improper handling of the X-Forwarded-Proto header. The configuration...
CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding
Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...
undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...