RMCP 访问控制错误漏洞

RMCP is an open-source Rust model context protocol SDK based on Tokio’s asynchronous runtime. Versions prior to RMCP 1.4.0 contained an access control vulnerability. This vulnerability stemmed from the Streamable HTTP server transmitting unvalidated incoming Host headers, allowing malicious publi...

TencentOS Server 4: libsoup3 (TSSA-2026:0274)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0274 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

libcurl 安全漏洞

libcurl is a free and easy-to-use client URL transfer library for cURL, which is open-source. There is a security vulnerability in libcurl, caused by improper handling of custom Host headers. This vulnerability may lead to the incorrect transmission of cookies from the first request during the...

OESA-2026-2192 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-014646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014646 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...

Unity Linux 20.1070a Security Update: libsoup (UTSA-2026-007256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007256 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...

aioHTTP < 3.13.4 Multiple Vulnerabilities (CVE-2026-22815)

The version of aioHTTP installed on the remote host is prior to 3.13.4. It is, therefore, affected by a request smuggling vulnerability: - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling...

Improper Validation of Syntactic Correctness of Input

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

Signal K Server 安全漏洞

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of unvalidated Host headers in constructing redirect URIs, which could lead to the thef...

CVE-2025-66485 Multiple vulnerabilities have been addressed in IBM Aspera Shares

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

CVE-2026-34525

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. This vulnerability allows a remote attacker to send multiple Host headers in a single request. This can lead to unexpected behavior, potentially bypassing security controls or causing cache poisoning, which may...

GHSA-C427-H43C-VF67 AIOHTTP accepts duplicate Host headers

Summary Multiple Host headers were allowed in aiohttp. Impact Mostly this doesn't affect aiohttp security itself, but if a reverse proxy is applying security rules depending on the target Host, it is theoretically possible that the proxy and aiohttp could process different host names, possibly...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the processing of duplicate Host headers. An attacker can bypass security checks enforced by a reverse proxy by sending requests with multiple Host headers, potentially causing the proxy and the backend to...

AIOHTTP accepts duplicate Host headers

Summary Multiple Host headers were allowed in aiohttp. Impact Mostly this doesn't affect aiohttp security itself, but if a reverse proxy is applying security rules depending on the target Host, it is theoretically possible that the proxy and aiohttp could process different host names, possibly...

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

DEBIAN-CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.211 contained security vulnerabilities, which were due to unvalidated host header operations, potentially leading to external...