31 matches found

EUVD | added 2026/06/04 1:15 p.m. | 9 views

EUVD-2026-32016

Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks...

CVSS 6.5 | AI score 5.8 | EPSS 0.01002
Exploits 2 | References 8
OSV | added 2026/03/13 7:54 p.m. | 4 views

DEBIAN-CVE-2026-23941

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in the Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program file lib/inets/src/http_server/httpd_request.erl and program routine httpd_request:parse_headers/7. The...

CVSS 9.4 | AI score 7.3 | EPSS 0.00528
Exploits 0 | References 1
EUVD | added 2025/10/03 8:07 p.m. | 2 views

EUVD-2023-2225

Malicious code in bioql PyPI...

CVSS 5.8 | AI score 5.5 | EPSS 0.00637
Exploits 0 | References 7
EUVD | added 2025/10/03 8:07 p.m. | 3 views

EUVD-2021-28629

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.3 | EPSS 0.01067
Exploits 0 | References 2
OSV | added 2025/09/16 4:12 p.m. | 2 views

CVE-2023-53333 netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one. Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the...

CVSS 7.1 | AI score 5 | EPSS 0.00139
Exploits 0 | References 10
CloudLinux | added 2025/06/26 9:29 a.m. | 6 views

Update of tzdata

Upgrade to tzdata-2025b
- New zone for Aysén Region in Chile which moves from -04/-03 to -03.
- Paraguay adopted permanent -03 starting spring 2024.
- Improve pre-1991 data for the Philippines.
- Etc/Unknown is now reserved.
- Improve historical data for Mexico, Mongolia, and Portugal.
- System V...

AI score 7.5
Exploits 0
Tenable Nessus | added 2025/06/12 12:00 a.m. | 2 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-1676)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets, which isn't valid...

CVSS 6.3 | AI score 6.8 | EPSS 0.01437
Exploits 0 | References 2
RedhatCVE | added 2025/05/22 10:18 a.m. | 7 views

CVE-2019-6631

On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...

CVSS 7.5 | AI score 6.8 | EPSS 0.02531
Exploits 0 | References 1
RedhatCVE | added 2025/05/09 10:20 p.m. | 10 views

CVE-2025-36557

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | AI score 6.8 | EPSS 0.00335
Exploits 0 | References 3
OSV | added 2025/05/09 12:43 p.m. | 2 views

OESA-2025-1490 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Erlang/OTP is a set of libraries for the Erlang...

CVSS 7.5 | AI score 6.8 | EPSS 0.00379
Exploits 0 | References 2
NVD | added 2025/05/07 10:15 p.m. | 11 views

CVE-2025-36557

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | EPSS 0.00335
Exploits 0 | References 1
Vulnrichment | added 2025/05/07 10:04 p.m. | 5 views

CVE-2025-36557 BIG-IP HTTP vulnerability

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | AI score 7.5 | EPSS 0.00335
Exploits 0 | References 1
CVE | added 2025/05/07 10:04 p.m. | 69 views

CVE-2025-36557

CVE-2025-36557 affects F5 BIG-IP, BIG-IP Next and related platforms where an HTTP profile configured with Enforce RFC Compliance can cause the Traffic Management Microkernel (TMM) to terminate due to undisclosed requests. Impact is described as DoS with TMM restart disruption and potential data-pl...

CVSS 8.7 | AI score 7.6 | EPSS 0.00335
Exploits 0 | References 1 | Affected software 11
CVE | added 2025/04/21 12:00 a.m. | 60 views

CVE-2025-43916

CVE-2025-43916 affects Sonos api.sonos.com (endpoint /login/v3/oauth). The flaw allows a redirect_uri containing userinfo in the authority component, violating RFC 6819 5.2.3.5 and potentially causing an authorization code to be sent to an attacker-controlled destination. Public-fix details are n...

CVSS 3.4 | AI score 7 | EPSS 0.00178
Exploits 0 | References 1
Tenable Nessus | added 2025/03/31 12:00 a.m. | 9 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-898)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-898 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be...

CVSS 6.3 | AI score 6.7 | EPSS 0.01437
Exploits 0 | References 4
Vulnrichment | added 2025/01/09 12:33 a.m. | 12 views

CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

AI score 7.2 | EPSS 0.00312
Exploits 2 | References 4
F5 Networks | added 2024/05/08 1:10 p.m. | 66 views

K11342432: BIG-IP HTTP non-RFC-compliant security exposure

Security Advisory Description: This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a system matching one of the following conditions: BIG-IP 15.1.0 and later versions with a virtual server with an HTTP profile with Enforce RFC Compliance enabled. All supported...

AI score 6.8
Exploits 0
OSV | added 2023/12/05 6:11 p.m. | 16 views

GHSA-FVHJ-4QFH-Q2HM Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass

Summary: When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates the RFC because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another fronte...

CVSS 6.5 | AI score 6.5 | EPSS 0.00625
Exploits 1 | References 6
OSV | added 2023/09/28 11:38 a.m. | 8 views

SUSE-SU-2023:3861-1 Security update for SUSE Manager Server 4.3

This update fixes the following issues:
billing-data-service:
- Version 0.3-1: Add required dependencies to package and service; change billing api datastructure; require csp-billing-adapter service
cobbler:
- Fix EFI PXE boot regression (bsc#1214124)
- Fix isolinux.cfg generation in 'cobbler buildiso'...

CVSS 5.3 | AI score 7.1 | EPSS 0.01328
Exploits 0 | References 35
Veracode | added 2023/07/03 9:16 a.m. | 28 views

Cross-site Scripting (XSS)

actionpack is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the redirect_to function of redirecting.rb does not properly check the provided URL for illegal characters, resulting in the downstream services which enforce RFC compliance on HTTP response headers to remove the...

CVSS 4 | AI score 6 | EPSS 0.00312
Exploits 2