
1327 matches found

OSV
added 2026/03/20 12:16 a.m. | 2 views

UBUNTU-CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

CVSS 2.6 | AI score 5.8 | EPSS 0.00092
Exploits: 0 | References: 3
RedHat Linux
added 2026/03/12 3:34 p.m. | 2 views

asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation

A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service (DoS) attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users...

CVSS 7.5 | AI score 5.7 | EPSS 0.03634
Exploits: 0 | References: 5
OSV
added 2026/03/12 12:0 a.m. | 2 views

ALSA-2026:4451 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.125 and .NET Runtime...

CVSS 7.5 | AI score 5.8 | EPSS 0.03634
Exploits: 0 | References: 4
EUVD
added 2026/03/10 6:31 p.m. | 3 views

EUVD-2026-10694

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.03634
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/10 5:5 p.m. | 2 views

CVE-2026-26130

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.03634
Exploits: 0 | References: 2 | Affected Software: 3
Microsoft CVE
added 2026/03/10 2:0 p.m. | 3 views

ASP.NET Core Denial of Service Vulnerability

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.03634
Exploits: 0
Tenable Nessus
added 2026/03/09 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-005918)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005918 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but...

CVSS 7.5 | AI score 6.9 | EPSS 0.01164
Exploits: 0 | References: 4
SUSE CVE
added 2026/03/04 12:26 a.m. | 2 views

SUSE CVE-2026-25891

Fiber is an Express-inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

CVSS 8.7 | AI score 5.9 | EPSS 0.00036
Exploits: 1 | References: 3
Debian CVE
added 2026/02/21 5:21 a.m. | 4 views

CVE-2026-27205

Flask is a Web Server Gateway Interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header, resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

CVSS 4.3 | AI score 4.6 | EPSS 0.00014
Exploits: 0
Positive Technologies
added 2026/02/19 12:0 a.m. | 6 views

PT-2026-21353

Name of the Vulnerable Software and Affected Versions: Flask versions 3.1.2 and below. Description: Flask, a Web Server Gateway Interface (WSGI) web application framework, may improperly handle caching when accessing the session object. Specifically, it may fail to set the 'Vary: Cookie' header,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 35
Vulnrichment
added 2026/02/09 6:4 p.m. | 3 views

CVE-2025-66630 Fiber insecurely falls back in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express-inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVSS 9.2 | AI score 5.6 | EPSS 0.00023
Exploits: 0 | References: 3
CNNVD
added 2026/02/09 12:0 a.m. | 2 views

Fiber security feature issue vulnerability

Fiber is an open-source web framework written in the Go language. Fiber has a security feature issue vulnerability. The vulnerability stems from an error not being returned by the UUID function and can be exploited by an attacker to use predictable or low-entropy identifiers i...

CVSS 9.4 | AI score 6 | EPSS 0.00023
Exploits: 0 | References: 3
PyPA
added 2026/02/03 3:16 p.m. | 8 views

PYSEC-2026-43

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

CVSS 7.5 | AI score 7.1 | EPSS 0.00072
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/01/30 3:34 p.m. | 3 views

CLEANSTART-2026-BZ92766 beego is an open-source web framework for the Go programming language

Multiple security vulnerabilities affect the harbor-fips package. beego is an open-source web framework for the Go programming language. See references for individual vulnerability details...

CVSS 9.8 | AI score 5.5 | EPSS 0.00235
Exploits: 0 | References: 9
NVD
added 2026/01/27 8:16 p.m. | 3 views

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

CVSS 5.3 | EPSS 0.00016
Exploits: 0 | References: 3
CVE
added 2026/01/27 7:41 p.m. | 8 views

CVE-2026-24771

Summary: CVE-2026-24771 affects the hono/jsx ErrorBoundary in Hono prior to v4.11.7, where untrusted strings can be rendered as raw HTML, enabling browser-executed scripts under certain usage. The issue is mitigated by upgrading to v4.11.7, which patches the vulnerability. Exploitation details ar...

CVSS 4.7 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/01/27 7:6 p.m. | 5 views

EUVD-2026-4774

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate...

CVSS 4.8 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 3
GithubExploit
added 2026/01/24 4:18 a.m. | 146 views

exploitRag-FullStack

ExploitRAG - RAG-based Cybersecurity Chat System A production...

AI score 6.4
Exploits: 0
RedhatCVE
added 2026/01/16 9:5 a.m. | 4 views

CVE-2026-23527

A flaw was found in h3, a minimal HTTP (Hypertext Transfer Protocol) framework. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request where the Transfer-Encoding header uses a case variation of "chunked". The readRawBody function performs a strict case-sensiti...

CVSS 9.8 | AI score 6.2 | EPSS 0.00043
Exploits: 1 | References: 5
Debian CVE
added 2026/01/08 6:34 p.m. | 8 views

CVE-2026-21860

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc. that are implicitly present...

CVSS 6.3 | AI score 5.3 | EPSS 0.00023
Exploits: 0