BIT-PYTHON-2026-0865 wsgiref.headers.Headers allows header newline injection
User-controlled header names and values containing newlines can allow injecting HTTP headers...
BIT-PYTHON-2026-0672 Header injection in http.cookies.Morsel
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
BIT-LIBPYTHON-2026-0672 Header injection in http.cookies.Morsel
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
USN-7976-1: Form-Data vulnerability
Ben Shonaldmann discovered that Form-data incorrectly generated boundary values for multipart form-encoded data, leading to predictable values. A remote attacker could possibly use this issue to make arbitrary requests to internal systems...
USN-7976-1 node-form-data vulnerability
Ben Shonaldmann discovered that Form-data incorrectly generated boundary values for multipart form-encoded data, leading to predictable values. A remote attacker could possibly use this issue to make arbitrary requests to internal systems...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50071)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50071 advisory. 5.4.17-2136.351.3.3: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38884602] {CVE-2025-40022}. Tenable has extracted the...
Dormakaba Exos 9300 security vulnerabilities
The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability, as the database passwords are derived from static random values. This vulnerability could allow attackers to derive...
CVE-2026-24140 MyTube has Mass Assignment via Settings Management
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
Arbitrary Code Execution
binary-parser is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsanitized interpolation of untrusted values into dynamically generated code, where attacker-controlled parser field names or encoding parameters are embedded directly into generated JavaScript, allowing arbitra...
Arbitrary Command Injection
Affected versions of this package are vulnerable to Arbitrary Command Injection via the getMockScalar function. An attacker can execute arbitrary code by supplying a crafted OpenAPI specification containing malicious values in the const property, which are then interpolated into generate...
SUSE CVE-2026-24006
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...
CVE-2025-9290
An authentication weakness was identified in the controller-device adoption process of Omada Controllers, Gateways and Access Points, due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...
CVE-2025-12738
Neo4j Enterprise editions before 2025.11.2 and 5.26.17 are vulnerable to information disclosure. An attacker with some legitimate access can infer the value of a property by enumerating possible values and observing error messages from SET property, without requiring read access. Upstream fixes a...
CVE-2025-12738
Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows an attacker without read access to a property to infer information about its value by trying t...
CVE-2025-12738 Enumeration of restricted property value
Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows an attacker without read access to a property to infer information about its value by trying t...
CVE-2026-23957 seroval is vulnerable to Denial of Service via array serialization
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing...
[SECURITY] Fedora 42 Update: rpki-client-9.7-1.fc42
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
HUSTOJ security vulnerabilities
HUSTOJ is a popular OJ system developed by Zhang Haobin zhblue from China. HUSTOJ has security vulnerabilities; these vulnerabilities arise from the application not cleaning the input provided by users before exporting it to .xls files. This may lead to CSV injection and arbitrary command executi...
EUVD-2026-3521
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
ROS-20260121-73-0012
A vulnerability in the blkdev_read_iter function of the block/fops.c component of the Linux kernel is related to an unverified return value. Exploitation of the vulnerability could allow an attacker to cause a denial of service...