CVE-2026-6338

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

CVE-2026-6338

Kong Gateway Enterprise versions 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 are affected by a HTTP request smuggling and desynchronization vulnerability caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic. The issue can enable network‑level abus...

EUVD-2026-36246

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

CVE-2026-6338 HTTP request smuggling in Kong Enteprise Gateway

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

GHSA-3244-J874-RHC2 Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Summary An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Details io.netty.handler.codec.redis.RedisArrayAggregator...

Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Summary An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Details io.netty.handler.codec.redis.RedisArrayAggregator...

PT-2026-47555

Summary An attacker can cause DoS by sending crafted Redis payloads across multiple connections without r . This exhausts the server's direct memory pool OutOfDirectMemoryError, preventing legitimate connections from being processed. Details io.netty.handler.codec.redis.RedisDecoder decodes the...

PT-2026-47601

Name of the Vulnerable Software and Affected Versions netty-codec-redis versions prior to 4.1.135.Final netty-codec-redis versions prior to 4.2.15.Final Description A denial of service can occur when an attacker sends a crafted Redis payload containing deeply nested arrays. The...

CVE-2026-6521

A flaw was found in Wireshark. The OpenFlow v5 protocol dissector contains an infinite loop vulnerability. A remote attacker could exploit this by sending a specially crafted packet, leading to a denial of service DoS condition, making the application unresponsive. Mitigation To reduce exposure,...

CVE-2023-23932

OpenDDS is an open source C++ implementation of the Object Management Group OMG Data Distribution Service DDS. OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1...

CVE-2022-35922

Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...

Information Disclosure

github.com/pomerium/pomerium is vulnerable to information disclosure. The library's authentication service exposes pprof debug and prometheus metrics handlers to untrusted traffic which results in sensitive environmental information leakage or limited denial of service conditions...

CVE-2022-24797 Exposure of Sensitive Information in Pomerium

Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This...

PT-2022-16885 · Pomerium · Pomerium

Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to v0.17.1 Description: Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak...

Pomerium 安全漏洞

Pomerium is an open source identity-aware access agent from the U.S. company Pomerium. It is used to enable secure access to internal applications. A security vulnerability exists in Pomerium that stems from the fact that in a distributed services model, Pomerium's authentication service exposes...

PMachine Lib.Inc.PHP Remote Include Command Execution Vulnerability

Description It has been reported that PMachine does not properly handle include files under some circumstances. Because of this, an attacker may be able to remotely execute commands. Technologies Affected PMachine PMachine 2.2.1 Recommendations Block external access at the network boundary, unles...