USN-8182-1: Rack vulnerabilities
Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. CVE-2026-26961 William T. Nelson...
Linux Distros Unpatched Vulnerability : CVE-2026-39855
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version...
CVE-2026-21790
HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...
SUSE CVE-2025-14550
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial of service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...
CVE-2025-62396 Moodle: router (r.php) could expose application directories
An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...
EUVD-2022-4417
Malicious code in bioql PyPI...
EUVD-2022-5398
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-7339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers version 1.1.0 may result in response headers being...
RLSA-2025:10672 Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: sensitive headers not cleared on cross-origin redirect in net/http (CVE-2025-4673). For more details about the security issues, including the impact, a CVSS score,...
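The Go advisory above concerns credentials that survive a redirect to a different origin. The following is an added example (not code from the Go project or from the advisory) showing a defensive http.Client CheckRedirect callback that clears Authorization, Proxy-Authorization and related headers whenever the redirect target's scheme or host differs from the previous hop. Go's http.Client already drops Authorization, WWW-Authenticate and Cookie on cross-domain redirects; the callback adds the Proxy-* headers the advisory names and uses a strict same-origin test, which is an assumption of this example rather than the standard library's own rule. The helper redirectHeaders and the host names are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// Headers that must not cross an origin boundary. Go's http.Client already drops
// Authorization, WWW-Authenticate and Cookie on cross-domain redirects; the Proxy-*
// entries are listed here because the advisory above reports them as not cleared
// before the fix for CVE-2025-4673.
var sensitiveHeaders = []string{
	"Authorization", "Proxy-Authorization", "Proxy-Authenticate", "Cookie", "WWW-Authenticate",
}

// sameOrigin compares scheme and host (including port). This is stricter than the
// standard library's subdomain-based rule; treat it as an assumption of this example.
func sameOrigin(a, b *url.URL) bool {
	return a.Scheme == b.Scheme && a.Host == b.Host
}

// clearSensitiveOnCrossOrigin is an http.Client CheckRedirect callback. The client
// calls it with the redirect request (headers already copied from the previous hop)
// before sending it, so headers deleted here never leave the process.
func clearSensitiveOnCrossOrigin(req *http.Request, via []*http.Request) error {
	if len(via) >= 10 {
		return errors.New("stopped after 10 redirects")
	}
	if len(via) == 0 {
		return nil
	}
	prev := via[len(via)-1]
	if !sameOrigin(prev.URL, req.URL) {
		for _, name := range sensitiveHeaders {
			req.Header.Del(name)
		}
	}
	return nil
}

// redirectHeaders simulates one redirect hop offline (constructed requests, no
// network) and returns the headers that would be sent to the redirect target.
func redirectHeaders(fromURL, toURL string, headers map[string]string) (http.Header, error) {
	prev, err := http.NewRequest(http.MethodGet, fromURL, nil)
	if err != nil {
		return nil, err
	}
	next, err := http.NewRequest(http.MethodGet, toURL, nil)
	if err != nil {
		return nil, err
	}
	for k, v := range headers {
		next.Header.Set(k, v)
	}
	if err := clearSensitiveOnCrossOrigin(next, []*http.Request{prev}); err != nil {
		return nil, err
	}
	return next.Header, nil
}

func main() {
	// Wiring the callback into a real client is a one-liner.
	client := &http.Client{CheckRedirect: clearSensitiveOnCrossOrigin}
	_ = client

	// Constructed hop: api.example redirects to a different host.
	h, err := redirectHeaders("https://api.example/v1", "https://other.example/cb",
		map[string]string{"Proxy-Authorization": "Basic Zm9vOmJhcg==", "Accept": "application/json"})
	if err != nil {
		panic(err)
	}
	fmt.Println("headers sent to other.example:", h)
}
```

A scheme downgrade (https to http on the same host) is treated as a different origin by this check, which is the conservative choice for credential-bearing headers.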
Fabio security vulnerability
Fabio is an open source HTTP and TCP router (load balancer). Versions of Fabio prior to 1.6.6 allow clients to remove X-Forwarded headers while hop-by-hop headers are being processed, which could lead to a security hole...
CVE-2024-24753
Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway using the v2 payload format, it does not handle multi-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relie...
PT-2025-17414 · Markdown · Qmarkdown
Name of the Vulnerable Software and Affected Versions: QMarkdown aka quasar-ui-qmarkdown versions prior to 2.0.5 Description: The issue allows for XSS via headers, even when the no-html option is set. This could potentially lead to malicious script execution. Recommendations: For versions prior t...
Azure Linux 3.0 Security Update: bpftrace (CVE-2024-2313)
The version of bpftrace installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2313 advisory. - If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An...
Azure Linux 3.0 Security Update: php (CVE-2025-1734)
The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1734 advisory. - In PHP from 8.1.x before 8.1.32, from 8.2.x before 8.2.28, from 8.3.x before 8.3.19, from 8.4.x before 8.4.5, when...
Linux Distros Unpatched Vulnerability : CVE-2024-44999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gtp: pull network headers in gtp_dev_xmit(). syzbot/KMSAN reported use of uninit-value in gtp_dev_xmit() [1]. We must make sure the IPv4 or IPv6 header is pulled in skb->hea...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-49948)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49948 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to...
DEBIAN-CVE-2023-34981
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response heade...
The vulnerability of the Jenkins automation server, related to errors in handling HTTP headers, allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the Jenkins automation server is related to errors in handling HTTP headers. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
OPENSUSE-SU-2021:4104-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request...
SUSE-SU-2015:0974-1 Security update for apache2
Apache2 was updated to fix four security issues and one non-security bug. The following vulnerabilities have been fixed: - mod_headers rules could be bypassed via chunked requests (trailer fields). Adds the 'MergeTrailers' directive to restore legacy behavior. (bsc#871310, CVE-2013-5704) - An empty value in Content-Type coul...