245 matches found
Important: Red Hat Security Advisory: nodejs:22 security update
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
nodejs:22 security update
An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
NVIDIA Triton Inference Server 安全漏洞
NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI in production environments. NVIDIA Triton Inference Server has a security vulnerability. This vulnerability arises from the possibility of...
aiohttp 环境问题漏洞
aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of aiohttp prior to 3.13.4 contained environmental issues; these issues stemmed from aiohttp’s ability to allow multiple host headers...
CVE-2026-33223
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...
Moderate: Red Hat Security Advisory: python3.9 security update
An update for python3.9 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
OESA-2026-1682 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the...
SUSE CVE-2026-30852
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...
CVE-2026-29046
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
Caddy 数据伪造问题漏洞
Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy 2.10.0 to 2.11.2 had a data manipulation vulnerability. This vulnerability stemmed from the forwardauth copyheaders function not stripping the headers provided by the client, which could lead...
CVE-2026-27443 S/MIME Decryption Tag Sanitization Bypass
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...
CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...
CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...
PcVue 安全漏洞
PcVue is a reliable, secure, and powerful operational software platform developed by PcVue Corporation. It is specifically designed for monitoring and controlling applications in markets such as building management and park management. Versions of PcVue from 15.0.0 to 16.3.3 have security...
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
Summary Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass host-based routing and any access controls attached to that route by changing the...
Advisory ROSA-SA-2026-3190
Software: libsndfile 1.0.28 OS: ROSA Virtualization 2.1 unaffected versions = libsndfile-1.0.28-16.0.2.rv3 affected versions libsndfile-1.0.28-16.0.2.rv3 CVE-ID: CVE-2017-14634 BDU-ID: 2021-03755 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the double64init function of the libsndfile library is...
Advisory ROSA-SA-2026-3151
Software: libsoup 2.62.3 OS: ROSA Virtualization 3.1 unaffected versions = libsoup-2.62.3-11.rv31 affected versions libsoup-2.62.3-11.rv31 CVE-ID: CVE-2025-4945 BDU-ID: 2025-10260 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libsoup library of the GNOME GUI is related to integer overflow durin...
EUVD-2025-206781
Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...
Altitude Communication Server injection vulnerability
Altitude Communication Server is an IP contact center software developed by the American company Altitude. Version 8.5.3290.0 of Altitude Communication Server has a vulnerability that stems from operations on the Host header in HTTP requests. This vulnerability may lead to redirection to arbitrar...
CVE-2026-0791
Summary (CVE-2026-0791) : The ALGO 8180 IP Audio Alerter is affected by a stack-based buffer overflow in the handling of the SIP INVITE Replaces header. The issue arises from insufficient validation of the length of user-supplied data before copying it into a fixed-length stack buffer, enabling r...