EUVD-2026-33941

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

A flaw was found in Apache Tomcat. This open redirect vulnerability allows an attacker to redirect a user to an untrusted site. This occurs through the LoadBalancerDrainingValve, which can be exploited to manipulate URL redirection. The primary impact is that users may be unknowingly directed to...

MAL-2026-4653 Malicious code in qaq-core-util-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41cf368bbc06ee2a9e0d2a9b2030d7604a41af7ed5fed253d48a0d9ff41f92f6 lib/memcached.js exports getCacheRedis, getCacheDataRedis, and setCacheRedis. Each function's signature accepts a cachedUrl parameter, but the...

SUSE CVE-2021-25736

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...

Astra Linux - уязвимость в tomcat9

There is an occasional URL redirection to untrusted sites, a vulnerability in Apache Tomcat via the LoadBalancerDrainingValve mechanism. This issue affects Apache Tomcat: versions from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, and from 8.5.30 throu...

CLEANSTART-2026-SW24654 Security fixes for CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283 applied in versions: 3.2.1-r0

Multiple security vulnerabilities affect the aws-load-balancer-controller package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-42920

creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/f5-products-multiple-vulnerabilities20260515...

GHSA-J8H8-75H3-JG53 Fleet has a rate limiting bypass via untrusted client IP headers

Impact Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls. Fleet determines a client’s public IP address using HTT...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: vmxnet3: Fixed malformed packet sizes in vmxnet3processxdp. The XDP handling of the vmxnet3 driver is buggy for packet sizes using ring0 i.e., packet sizes between 128 and 3k bytes. We observed connectivity issues related to M...

[SECURITY] [DSA 6233-1] pdns security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6233-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2026 https://www.debian.org/security/faq -...

[SECURITY] Fedora 44 Update: dnsdist-2.0.3-1.fc44

dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...

CVE-2026-40344

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013673)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013673 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix deadlock issue when externellb and reset are executed together When externellb and...

Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browser

Overview Radware Alteon has a reflected Cross-Site Scripting XSS vulnerability in the parameter ReturnTo of the route /protected/login. This vulnerability allows an attacker to execute JavaScript in the host browser. Description CVE-2026-5754: Reflected Cross-Site Scripting XSS vulnerability in...

Virtuozzo Infrastructure 7.3 Hotfix 1 (7.3.0-177)

This update provides stability fixes. Vulnerability id: VSTOR-127496 Improved error messages for QEMU updates. Vulnerability id: VSTOR-128436 Creating a load balancer could fail with "Unable to find securitygroup". Vulnerability id: VSTOR-129065 Neutron could consume excessive memory when listing...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-007581)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007581 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix deadlock issue when externellb and reset are executed together When externellb and...

CVE-2026-5754

Reflected Cross-Site Scripting XSS Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities...

CLEANSTART-2026-BZ28794 Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service

Multiple security vulnerabilities affect the aws-load-balancer-controller package. Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. See references for...

EUVD-2026-22677

Reflected Cross-Site Scripting XSS Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities...

CVE-2026-5754

Reflected Cross-Site Scripting XSS Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities...