264 matches found
PT-2026-34174
Name of the Vulnerable Software and Affected Versions frp versions 0.43.0 through 0.68.0 Description An authentication bypass exists in the HTTP vhost routing path when routeByHTTPUser is utilized for access control. In proxy-style requests, the routing logic selects the routeByHTTPUser backend...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...
aaPanel 安全漏洞
aaPanel is a simple yet powerful web-based control panel developed under the open source license. Version 7.57.0 of aaPanel contains a security vulnerability, which stems from a regular expression denial-of-service issue in the VirtualHost configuration processing/parser component...
CVE-2026-29856
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...
CVE-2026-29856
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...
EUVD-2016-10827
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
CVE-2016-20036
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2026-1342)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...
Security update for tomcat11
This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass du...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fixed the check on the return value of copytoiter. The return value of copytoiter cannot be negative; instead of checking for negative values, we should check whether the copied length is equal to the requested...
CVE-2025-66614 Apache Tomcat: Client certificate verification bypass due to virtual host mapping
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...
CVE-2025-66614
CVE-2025-66614 is an improper input validation issue in Apache Tomcat. The vulnerability affects Tomcat versions 11.0.0-M1 through 11.0.14, 10.1.0-M1 through 10.1.49, and 9.0.0-M1 through 9.0.112, with older EOL versions (8.5.0–8.5.100) also listed as affected. The root cause is failure to verify...
[SECURITY] Fedora 42 Update: nginx-mod-vts-0.2.4-6.fc42
Nginx virtual host traffic status module...
[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-6.fc43
Nginx virtual host traffic status module...
CVE-2026-25768 LavinMQ is missing vhost access control
LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6...
CVE-2025-63653
An out-of-bounds read in the mkvhostfdtclose function mkserver/mkvhost.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
SUSE SLES15: cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc (SUSE-SU-2026:0293-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0293-1 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. CVE-2025-39890:...
SUSE-SU-2026:0293-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. -...
libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...