736 matches found
CVE-2026-25151 Qwik City has a CSRF Protection Bypass via Content-Type Header Validation
Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued...
CVE-2026-25151 Qwik City has a CSRF Protection Bypass via Content-Type Header Validation
Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued...
RLSA-2026:1148 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: hcievent: call disconnect callback before deleting conn CVE-2023-53673 kernel: ASoC: Intel: bytcrrt5640: Fix invalid...
EUVD-2026-5307
Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...
PT-2026-6054
Name of the Vulnerable Software and Affected Versions Cloudflare Agents SDK versions prior to 0.3.7 Description An Insecure Direct Object Reference exists in the createHeaderBasedEmailResolver function. The issue arises because the Message-ID and References headers are parsed to determine the...
Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: hcievent: call disconnect callback before deleting conn CVE-2023-53673 kernel: ASoC: Intel: bytcrrt5640: Fix invalid...
ALGO 8180 IP Audio Alerter security vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a security vulnerability. This vulnerability stems from the lack of data length validation when processing SIP INVITE requests’ Alert-Info headers, which may lead to stack buffer overflow...
Azure Linux 3.0 Security Update: libsoup (CVE-2025-32908)
The version of libsoup installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32908 advisory. - A flaw was found in libsoup. The HTTP/2 server in libsoup May not fully validate the values of pseudo-...
MiracleLinux 8 : java-11-openjdk-11.0.24.0.8-3.el8 (AXSA:2024-8581:14)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8581:14 advisory. OpenJDK: RangeCheckElimination array index overflow 8323231 CVE-2024-21147 OpenJDK: potential UTF8 size overflow 8314794 CVE-2024-21131 OpenJDK:...
MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.422.b05-2.el8 (AXSA:2024-8592:14)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8592:14 advisory. OpenJDK: RangeCheckElimination array index overflow 8323231 CVE-2024-21147 OpenJDK: potential UTF8 size overflow 8314794 CVE-2024-21131 OpenJDK:...
CVE-2025-67647
CVE-2025-67647 affects SvelteKit. Before 2.49.5, it allows server-side request forgery (SSRF) and DoS under prerender conditions. From 2.44.0 to 2.49.4, a DoS can occur if at least one prerendered route exists (export const prerender = true). From 2.19.0 to 2.49.4, DoS/SSRF can occur when there i...
CVE-2025-67647
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery SSRF and denial of service DoS under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when...
Server-side Request Forgery (SSRF)
Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper decoding of protocol headers in resolved path. An attacker can cause the server process to terminate or access internal services by...
PT-2026-3088
Name of the Vulnerable Software and Affected Versions SvelteKit versions 2.19.0 through 2.49.4 Description SvelteKit is susceptible to server side request forgery SSRF and denial of service DoS under specific conditions. The framework, downloaded over 800,000 times per week, is affected in versio...
CVE-2025-68925
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...
EUVD-2026-2451
BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...
CVE-2026-22779
BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...
PT-2026-2925
Name of the Vulnerable Software and Affected Versions BlackSheep versions prior to 2.4.6 Description BlackSheep, an asynchronous web framework for building event-based web applications with Python, has an issue in its HTTP Client implementation. Missing validation of headers allows an attacker to...
BlackSheep 注入漏洞
BlackSheep is an open source web application framework from Neoteroi. BlackSheep version 2.4.6 before the injection vulnerability , the vulnerability stems from the HTTP client-side implementation of the lack of header validation , which could lead to an attacker to modify the HTTP request or...
CVE-2025-68925 Jervis has a JWT Algorithm Confusion Vulnerability
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...