CVE-2026-40562 Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Gazelle versions through 0.49 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 section 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2025-71091 affecting package kernel for versions less than 6.6.121.1-1
CVE-2025-71091 affecting package kernel for versions less than 6.6.121.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-62161 youki container escape via "masked path" abuse due to mount race conditions
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki bind-mounts the container's /dev/null as a file mask. This issue is fixed in version 0.5.7...
openvpn-cms-flask injection vulnerability
openvpn-cms-flask is a web management system based on OpenVPN, written by xiaoyunjie, an individual developer in China. An injection vulnerability exists in openvpn-cms-flask 1.2.7 and earlier versions, which originates from a command injection due to the incorrect operation of the parameter Username in the...