33750 matches found
CVE-2026-45339
Open WebUI (self-hosted offline AI platform) has a vulnerability where endpoint access restrictions on API keys could be bypassed by using the x-api-key header, even when the key was restricted from sensitive endpoints like /api/v1/messages. Prior to version 0.9.0, requests with Authorization: Be...
CVE-2026-46364
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...
CVE-2026-46364 phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...
CVE-2026-46364 phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...
CVE-2026-46364
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...
CVE-2026-46364
phpMyFAQ prior to version 4.1.2 is affected by an unauthenticated SQL injection in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha(), where unsanitized User-Agent headers are interpolated into DELETE/INSERT queries. An attacker can target the public GET /api/captcha endpoint by...
CVE-2026-41181 Traefik: Errors middleware forwards Authorization and Cookie headers to separate error page service
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...
CVE-2026-41181
CVE-2026-41181 affects Traefik before 2.11.44, 3.6.15, and 3.7.0-rc.3. The information disclosure stems from the errors middleware in which, when a response matches a configured status range, the middleware forwards the full request header set (including Authorization and Cookies) to the separate...
CLSA-2026-1778847162 httpd: Fix of CVE-2026-28780
CVE-2026-28780: heap-based buffer overflow in ajpmsgcheckheader in modproxyajp when proxying to a malicious AJP backend that returns an oversized response, allowing a 4-byte out-of-bounds write past the heap buffer...
OESA-2026-2339 libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in the asynchronous message queue handling of the...
OESA-2026-2338 libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in the asynchronous message queue handling of the...
OESA-2026-2337 libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in the asynchronous message queue handling of the...
OESA-2026-2300 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen...,...
OESA-2026-2299 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen...,...
OESA-2026-2296 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of Resources Without...
CLSA-2026-1778820779 tar: Fix of CVE-2023-39804
CVE-2023-39804: fix crash on PAX archive with malformed extended header attributes in locatehandler and xattrdecoder...
BIT-NGINX-GATEWAY-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...
BIT-NGINX-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...
CLSA-2026-1778828497 tar: Fix of CVE-2023-39804
CVE-2023-39804: fix crash on PAX archive with malformed extended header attributes in locatehandler and xattrdecoder...
CLSA-2026-1778811697 wget: Fix of CVE-2021-31879
CVE-2021-31879: do not propagate Authorization/Cookie headers across HTTP 3xx redirects openSUSE patch...