280 matches found
GHSA-P5F6-RCCC-JV98 dd-trace-rb: Improper parsing of W3C baggage headers may lead to DoS
Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...
CVE-2026-51606
CVE-2026-51606 affects Tenda CP3 v3.0 with firmware v31.1.9.91. The RTSP service suffers improper input handling: when an oversized field value is sent, the device terminates the TCP connection with an RST and does not return any RFC 2326‑compliant error response. Affected items include the reque...
CVE-2025-71336 Flowise - Unsandboxed Remote Code Execution via Custom MCP
Flowise before 3.0.6 affected versions 2.2.7-patch.1 and earlier contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal...
PT-2026-44546
Name of the Vulnerable Software and Affected Versions Symfony Webhook Bridges versions prior to 6.4 Symfony Webhook Bridges versions prior to 7.4 Description The Mailjet mailer bridge and the LOX24 SMS notifier bridge contain webhook request parsers that fail to authenticate event callbacks. The...
EUVD-2026-30749
Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...
Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017612)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017612 advisory. When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers an...
EUVD-2026-19759
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-33223
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in Node.js HTTP request handling. The flaw triggers when an incoming request includes a header named proto and the server application accesses req.headersDistinct. This causes dest"proto" to incorrectly resolve to...
CVE-2026-3635 Fastify request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust function
Summary When trustProxy is configured with a restrictive trust function e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including...
OESA-2026-1592 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP...
CVE-2026-30820 Flowise Authorization Bypass via Spoofed x-request-from Header
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser...
CVE-2026-30820 Flowise Authorization Bypass via Spoofed x-request-from Header
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser...
CVE-2026-30820 Flowise Authorization Bypass via Spoofed x-request-from Header
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser...
httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
A permissions bypass flaw has been discovered in the apache HTTP server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid...
CVE-2026-26234
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache...
CLSA-2026-1769099972 httpd: Fix of 2 CVEs
CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables and added regression tests - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...
CLSA-2026-1769014292 httpd: Fix of 2 CVEs
CVE-2025-66200: don't use request notes for suexec, stop accepting the obscure "note" option in RequestHeader - CVE-2025-65082: fix precedence of envvars from HTTP headers and Apache configuration...
CLSA-2026-1769013944 httpd: Fix of 2 CVEs
CVE-2025-66200: don't use request notes for suexec, stop accepting the obscure "note" option in RequestHeader - CVE-2025-65082: fix precedence of envvars from HTTP headers and Apache configuration...
CLSA-2026-1768213076 httpd: Fix of 2 CVEs
CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...