EUVD-2026-33757

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...

[SECURITY] [DSA 6317-1] symfony security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6317-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 01, 2026 https://www.debian.org/security/faq -...

CVE-2026-43623

CVE-2026-43623 affects microtar up to version 0.1.0. A stack-based buffer overflow in the raw_to_header() function (src/microtar.c) can be triggered by crafted TAR archives with non-null-terminated name or linkname fields. The function uses strcpy() to copy 100-byte ustar fields, which can write ...

EUVD-2026-33741

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the rawtoheader function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain ...

EUVD-2026-33685

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

CVE-2026-10269

Summary (CVE-2026-10269) : A vulnerability in decolua 9router

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in follow-redirects-1.15.11.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in follow-redirects-1.15.11.tgz Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0,...

CVE-2026-9759

A flaw was found in the ROHC dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a NULL pointer dereference, resulting in a denial of service. Mitigation If the ROHC protocol dissector is not being used, it can be disabled via the...

CVE-2026-46527

A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. When a server using cpp-httplib has configured trusted proxies, a remote attacker can send a specially crafted HTTP request with a malformed X-Forwarded-For header. This can lead to undefined behavior, resulting in abnormal process...

CVE-2026-45372

A flaw was found in cpp-httplib, a C++ library for handling web requests. A remote attacker could exploit this vulnerability by sending a specially crafted web request. The server incorrectly processes certain encoded characters within the request's header information before checking their...

UBUNTU-CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

OPENSUSE-SU-2026:20861-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267...

SUSE-SU-2026:21955-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267...

CVE-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

EUVD-2026-33578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

CVE-2026-42253

CVE-2026-42253 affects Apache ActiveMQ and Apache ActiveMQ Web. The vulnerability arises in the MessageServlet of the web console API, which copies every JMS message property into HTTP response headers without validation, enabling potential HTTP header injection and cross-site scripting via JMS m...