
52 matches found

EUVD
added 2026/06/10 2:1 p.m. | 10 views

EUVD-2026-36039

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

CVSS 9.9 | AI score 6.5 | EPSS 0.00439
Exploits: 0 | References: 1

CNNVD
added 2026/06/09 12:0 a.m. | 5 views

Microsoft PC Manager Link Following Vulnerability

Microsoft PC Manager is computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. Microsoft PC Manager has a link following vulnerability. Attackers can...

CVSS 7.8 | AI score 5.4 | EPSS 0.00329
Exploits: 0 | References: 1

CNNVD
added 2026/06/09 12:0 a.m. | 13 views

Microsoft PC Manager Permissions, Privileges, and Access Control Vulnerability

Microsoft PC Manager is a computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. However, Microsoft PC Manager has an access control vulnerability. Attackers c...

CVSS 7.8 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:22 p.m. | 10 views

CVE-2026-34457

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an auth_request-style integration such as nginx auth_request and either...

CVSS 9.1 | AI score 5.5 | EPSS 0.00475
Exploits: 0 | References: 1

Veracode
added 2026/05/14 6:6 p.m. | 26 views

Authentication Bypass

github.com/oauth2-proxy/oauth2-proxy is vulnerable to an authentication bypass. The vulnerability is due to improper handling of health check User-Agent values in auth_request-style integrations when --ping-user-agent or --gcp-healthchecks is enabled, which allows an unauthenticated remote attacke...

CVSS 9.1 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 3 | Affected Software: 2

Snyk
added 2026/04/14 10:31 p.m. | 2 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the isHealthCheckRequest function in pkg/middleware/healthcheck.go. An attacker can reach protected endpoints by sending a request with a configured health-check User-Agent, causing the middleware to treat the...

CVSS 9.3 | AI score 5.7 | EPSS 0.00475
Exploits: 0 | References: 2

OSV
added 2026/04/14 10:31 p.m. | 2 views

GHSA-5HVV-M4W4-GF6V OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

Impact: A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true:
- OAuth2 Proxy is used with an auth_request-style integration (for example, nginx auth_request)
- --ping-user-agent is set or --gcp-healthchecks is enabled
In...

CVSS 9.1 | AI score 5.9 | EPSS 0.00475
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/14 12:0 a.m. | 3 views

PT-2026-32955

Name of the Vulnerable Software and Affected Versions: OAuth2 Proxy versions prior to 7.15.2. Description: A configuration-dependent authentication bypass exists in deployments using auth_request-style integration, such as nginx auth_request. The issue occurs when either the --ping-user-agent variab...

CVSS 9.1 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 14

Cvelist
added 2026/04/01 3:7 p.m. | 19 views

CVE-2026-4989

Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...

EPSS 0.00162
Exploits: 0 | References: 1

Oracle linux
added 2026/03/24 12:0 a.m. | 6 views

389-ds:1.4 security update

1.4.3.39-23 - Resolves: RHEL-137074 - CVE-2025-14905 389-ds:1.4/389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow rhel-8.10.z - Resolves: RHEL-152098 - Scalability issue of replication online initialization with large database rhel-8.10.z 1.4.3.39-22 -...

CVSS 7.2 | AI score 6.1 | EPSS 0.01038
Exploits: 0

Hacker One
added 2026/03/22 4:52 a.m. | 9 views

AWS VDP: Health check errors silently dropped when channel buffer full

Component: pkg/plugin/plugin.go:153-156, pkg/plugin/pluginv2.go:156-158; Affected Version: aws-encryption-provider @ 4341c70 (all versions); Found by: Source audit; TLP: TLP:Amber. Summary: When KMS operations fail, the error is sent to a buffered channel (healthCheckErrc, size 100) via a non-blocking...

AI score 6
Exploits: 0

RedHat Linux
added 2026/02/05 2:43 p.m. | 4 views

io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability

A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...

CVSS 7.5 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 4

OSV
added 2026/01/07 6:9 p.m. | 2 views

GHSA-5RFX-CP42-P624 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write

A vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the...

CVSS 5.9 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 3

Oracle linux
added 2025/12/22 12:0 a.m. | 11 views

httpd security update

2.4.62-7.0.1.3 - Replace index.html with Oracle's index page oracleindex.html. 2.4.62-7.3 - Resolves: RHEL-135063 - httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (CVE-2025-66200) - Resolves: RHEL-135048 - httpd: Apache HTTP Server: CGI environment variable override...

CVSS 8.3 | AI score 6.7 | EPSS 0.015
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-3524

Malware in sbrugna...

CVSS 10 | AI score 6.1 | EPSS 0.04546
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-1057

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01034
Exploits: 0 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-1206

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00847
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-12373

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 7.3 | EPSS 0.00321
Exploits: 0 | References: 5

Gitee
added 2025/09/06 1:1 a.m. | 77 views

cassandra-mesos

This is a repository for the Cassandra-Mesos framework, which is a distributed database system that allows for the deployment of Apache Cassandra on Apache Mesos. The framework is designed to provide a scalable and fault-tolerant way to run Cassandra on Mesos, and it includes features such as...

AI score 6.9
Exploits: 0

SUSE Linux
added 2025/02/03 8:48 a.m. | 1 views

Security update for podman

This update for podman fixes the following issues: CVE-2024-6104: Fixed dependency issue with go-retryablehttp: url might write sensitive information to log file (bsc#1227052). Update to version 4.9.5: Bump to v4.9.5; Update release notes for v4.9.5; fix "concurrent map writes" in network ls compat...

CVSS 8.6 | AI score 7.3 | EPSS 0.01279
Exploits: 0 | References: 10