13 matches found
CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM
Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...
EUVD-2026-9510
Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade...
CVE-2026-2833
An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the...
CVE-2026-2833
An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the...
Huawei EulerOS: Security Advisory for libwebsockets (EulerOS-SA-2026-1074)
The remote host is missing an update for the Huawei EulerOS...
EUVD-2021-1248
Malware in sbrugna...
USN-5079-2 curl vulnerabilities
USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl woul...
[ASA-202106-51] matrix-appservice-irc: insufficient validation
Arch Linux Security Advisory ASA-202106-51. Severity: Medium. Date: 2021-06-22. CVE-ID: CVE-2021-32659. Package: matrix-appservice-irc. Type: insufficient validation. Remote: Yes. Link: https://security.archlinux.org/AVG-2076. Summary: The package...
GHSA-35G4-QX3C-VJHX Automatic room upgrade handling can be used maliciously to bridge a room non-consensually
Impact: If a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room m.room.create...
CVE-2021-32659
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...
CVE-2021-32659 Automatic room upgrade handling can be used maliciously to bridge a room non-consensually
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...
CVE-2021-32659
CVE-2021-32659 affects matrix-appservice-bridge (versions 2.6.0 and earlier). When room upgrade handling is enabled via roomUpgradeOpts, an m.room.tombstone event can unbridge the current room and bridge into a target room without verifying the predecessor in the target m.room.create, enabling a ...
CVE-2017-9444
BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the...