Ollama 路径遍历漏洞

Ollama is an open-source tool developed by Ollama that can be run locally, used for managing and customizing large language models. Versions of Ollama from 0.12.10 to 0.17.5 have a path traversal vulnerability. This vulnerability stems from the improper handling of HTTP response headers in the...

PT-2026-35898

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When using libcurl to perform a transfer over a specific HTTP proxy proxyA with Digest authentication and subsequently changing the proxy host to a second one proxyB while reusing the same handl...

FreeBSD-SA-26:17.libnv

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:17.libnv Security Advisory The FreeBSD Project Topic: Heap overflow in libnv Category: core Module: libnv Announced: 2026-04-29 Credits: Mariusz Zaborski...

CVE-2026-40560

CVE-2026-40560 affects Starman for Perl prior to 0.4018. The vulnerability arises from improper header precedence: when both Content-Length and Transfer-Encoding: chunked are present, Starman incorrectly prioritizes Content-Length instead of the Transfer-Encoding rule, violating RFC 7230 section ...

CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-31256

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is...

CVE-2026-40575

A flaw was found in OAuth2 Proxy. When configured with --reverse-proxy and either --skip-auth-regex or --skip-auth-route, the proxy may trust a client-supplied X-Forwarded-Uri header. An unauthenticated remote attacker can exploit this by spoofing the header, leading to an authentication bypass...

CLSA-2026-1777394614 nodejs: Fix of 3 CVEs

CVE-2022-25883: fix ReDoS in bundled npm semver new Range and parseComparator caused by unbounded whitespace expansion in version ranges - CVE-2026-21710: fix HTTP prototype pollution in http.get/request via headersDistinct option by using null-prototype objects for header storage -...

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 — Demo Methodology ⚠️ Overview This demo s...

USN-8217-1: follow-redirects vulnerabilities

It was discovered that follow-redirects did not properly protect sensitive user information during redirects. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2022-0155 It was discovered that...

CVE-2026-41481

A flaw was found in LangChain and langchain-text-splitters. This vulnerability, a Server-Side Request Forgery SSRF bypass, allows a remote attacker to redirect a seemingly safe URL to internal network resources. By exploiting unvalidated redirects, an attacker could access sensitive data from...

RLSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

Linux Distros Unpatched Vulnerability : CVE-2026-31472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Add validation of the inner IPv4 packet totlen and ihl fields parsed from decrypted IPTFS payloa...

RockyLinux 8 : python3.12 (RLSA-2026:10950)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10950 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the parsemessage function when the NegoEx mechanism is registered in /etc/gss/mech. An attacker can cause process termination by sending specially crafted requests with a short headerlen that...

CVE-2026-7022

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

CVE-2026-31256

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is...

Exploit for CVE-2026-33453

Apache Camel 4.18.0 — CVE Security Assessment Three critical...