Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in the handling of ICReq requests and queue removal in nvmet-tcp. This...

Plack::Middleware::Security::Common 安全漏洞

Plack::Middleware::Security::Common is a Perl web application security header middleware developed by RRWO’s individual developers. Versions of Plack::Middleware::Security::Common prior to 0.13.1 contained security vulnerabilities. These vulnerabilities stemmed from ineffective header injection...

ROS-20260515-73-0016

A vulnerability in the Google Chrome web browser is related to HTTP request handling errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

PT-2026-40607

Name of the Vulnerable Software and Affected Versions bandit versions 1.4.0 through 1.11.0 Description An unauthenticated remote attacker can cause a denial of service via memory exhaustion. The read data/2 function in Elixir.Bandit.HTTP1.Socket ignores the :length option when processing HTTP/1...

ROS-20260513-73-0008

Vulnerability in rubygem-rack related to a flaw in http request handling. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

Summary The apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an extremely large, endless JSON payload e.g., several...

CVE-2026-43372

CVE-2026-43372 resolves a leak in the Linux kernel Microchip DSA driver during PTP IRQ setup. If request_threaded_irq() fails, the error path previously only freed mappings that had succeeded; now the kernel disposes the newly created IRQ mapping to prevent resource exhaustion. Affected component...

ROS-20260508-73-0003

Vulnerability in rubygem-activestorage related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass

Summary Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET request can silently become a DELETE or PUT, enabling CSRF...

PT-2026-38319

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.16 Description The bodyLimit function does not reliably enforce the maxSize parameter for requests that lack a usable Content-Length, such as those using Transfer-Encoding: chunked. For these requests, the function...

ROS-20260506-73-0024

Vulnerability in tomcat related to flaws in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...

ROS-20260506-73-0026

Vulnerability in tomcat11 related to flaws in http request handling. Exploitation of the vulnerability may allow a remote attacker to send a hidden http request http request smuggling attack...

CVE-2026-7706

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmmhandleservicerequest of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public a...

Astra Linux - уязвимость в firefox, thunderbird

Bypass of the same-origin policy in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

Astra Linux - уязвимость в xwayland, xorg-server

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...

CVE-2026-7706

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmmhandleservicerequest of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public a...

CVE-2026-7706 Open5GS AMF gmm-handler.c gmm_handle_service_request denial of service

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmmhandleservicerequest of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public a...

CVE-2024-54013

Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...

EUVD-2024-55560

Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...

CVE-2024-54013

Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...