CVE-2026-25108
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (python-eventlet) security update
An update for python-eventlet is now available for Red Hat OpenStack Services on OpenShift 18.0 Antelope. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
python-eventlet: Eventlet HTTP request smuggling
A request smuggling flaw was found in the Eventlet PyPI library. The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability allows attackers to bypass front-end security controls, launch targeted attacks against active si...
PT-2026-8279
CVE-2025-68126 - Cisco ASA HTTP Request Smuggling. CVE ID: CVE-2025-68126. Published: Feb. 13, 2026, 9:16 p.m. (2 hours, 19 minutes ago). Description: Rejected reason: reserved but not needed. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, an...
RHEL 9 : Red Hat OpenStack Services on OpenShift 18.0 (python-eventlet) (RHSA-2026:1959)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:1959 advisory. Eventlet is a networking library written in Python. It achieves high scalability by using non-blocking I/O while at the same time retaining high...
CVE-2025-55018
An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request...
Fortinet Fortigate (FG-IR-25-667)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-667 advisory. - An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS...
CVE-2026-22903
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections...
CVE-2026-25631
n8n is an open source workflow automation platform. Prior to 1.121.0, a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...
EUVD-2026-5569
n8n is an open source workflow automation platform. Prior to 1.121.0, a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...
CVE-2026-25631 Domain allowlist bypass enables credential exfiltration
n8n is an open source workflow automation platform. Prior to 1.121.0, a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...
[actix-files] Panic triggered by empty Range header in GET request for static file
Summary: A GET request for a static file served by actix-files with an empty Range header triggers a panic. With panic = "abort", a remote user may crash the process on-demand. Details: actix-files assumes that HttpRange::parse, when Ok, always returns a vector with at least one element. When parse...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.61 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
HTTP Request Smuggling
Overview: std/cmd/cgo is a Go standard library package. Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. Remediation...
Important: golang
Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); cmd/go: bypass of flag sanitization ca...
n8n's domain allowlist bypass enables credential exfiltration
Impact: A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This might only affect users who have credentials that use wildcard domain...
Improper Input Validation
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Improper Input Validation via the credential domain validation process. An attacker can access sensitive credentials by sending requests to unintended domains using wildcard domain patterns in...
GHSA-2XCX-75H9-VR9H n8n's domain allowlist bypass enables credential exfiltration
Impact: A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This might only affect users who have credentials that use wildcard domain...