CVE-2026-20123 Cisco Prime Infrastructure and Evolved Programmable Network Manager Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...

CVE-2026-20098

Cisco Meeting Management is affected in the Certificate Management feature. The CVE-2026-20098 issue arises from improper input validation in the web-based management interface, allowing an authenticated remote attacker (with at least the video operator role) to upload arbitrary files, execute co...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.17.48 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.48 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008

The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: http://example.com/user/login?admin If they provide the access key and have a specific role they can log in. The module does not check for...

PT-2026-6656

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.121.0 Description n8n is a workflow automation platform. A flaw in the HTTP Request node’s credential domain validation could allow an authenticated attacker to send requests with credentials to unintended domains,...

AZL-76700 CVE-2026-1801 affecting package libsoup for versions less than 3.4.4-12

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...

AZL-76736 CVE-2026-1801 affecting package libsoup 3.0.4-12

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...

CVE-2026-1801

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...

EUVD-2026-5176

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...

CVE-2026-1801

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...

Security update for python-h2 (moderate)

openSUSE security update: security update for python-h2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20122-1 Rating: moderate References: bsc1248737 Cross-References: CVE-2025-57804 CVSS scores: CVE-2025-57804 SUSE : 5.3...

CVE-2026-1760

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

CVE-2026-1760

CVE-2026-1760 – SoupServer HTTP request smuggling . A flaw in SoupServer allows a remote unauthenticated attacker to smuggle additional requests over a persistent connection by exploiting combined Transfer-Encoding: chunked and Connection: keep-alive handling, potentially causing DoS. The vulnera...

CVE-2025-63651

A use-after-free in the mkstringcharsearch function mkcore/mkstring.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2025-63650

An out-of-bounds read in the mkptrtobuf in mkcore function mkmemory.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2025-63653

An out-of-bounds read in the mkvhostfdtclose function mkserver/mkvhost.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-58056...

CVE-2025-63650

An out-of-bounds read in the mkptrtobuf in mkcore function mkmemory.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2025-63651

A use-after-free in the mkstringcharsearch function mkcore/mkstring.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

EUVD-2025-206528

A use-after-free in the mkstringcharsearch function mkcore/mkstring.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...