cpp-httplib 环境问题漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.44.0 contained an environmental issue vulnerability. This vulnerability stemmed from the server’s request parsing process, where percent signs were decoded...

CVE-2026-47675

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite an...

UserSpice 跨站脚本漏洞

UserSpice is an open-source PHP framework for user management and identity authentication developed by UserSpice. Version 4.3.24 of userSpice contains a cross-site scripting vulnerability. This vulnerability stems from the injection of malicious scripts through the X-Forwarded-For HTTP header,...

CVE-2026-2955

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

EUVD-2026-31064

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

Exploit for CRLF Injection in Useplunk Plunk

CVE-2026-34975 — CRLF Email Header Injection in Plunk via raw...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Proxy process. An attacker can access internal services, retrieve sensitive cloud metadata, port-scan internal networks, or trigger internal-only endpoints by creating a cluster node with an...

RHEL 9 : nodejs:20 (RHSA-2026:9874)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9874 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 8 : nodejs:20 (RHSA-2026:8339)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8339 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

EUVD-2026-21918

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...

ALSA-2026:7896 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...

RockyLinux 10 : nodejs22 (RLSA-2026:7080)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7080 advisory. brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...

DEBIAN-CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

Important: Red Hat Security Advisory: nodejs22 security update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nodejs:22 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

NVIDIA Triton Inference Server 安全漏洞

NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI in production environments. NVIDIA Triton Inference Server has a security vulnerability. This vulnerability arises from the possibility of...

aiohttp 环境问题漏洞

aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of aiohttp prior to 3.13.4 contained environmental issues; these issues stemmed from aiohttp’s ability to allow multiple host headers...

CVE-2026-33223

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...