6462 matches found
CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection
Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...
EUVD-2026-22225
Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...
CVE-2026-31908
Apache APISIX (forward-auth plugin) is affected by a header injection vulnerability (CVE-2026-31908) tracked across multiple feeds. Affects versions 2.12.0 through 3.15.0; exploitation arises from improper sanitization of CRLF sequences in the forward-auth plugin, enabling injection of HTTP heade...
Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-108 (ALASDOCKER-2026-108)
The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-108 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On...
Malicious Package
Overview gp-auth-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Oracle Linux 9 : nginx:1.26 (ELSA-2026-7343)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7343 advisory. - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves:...
SUSE-SU-2026:1287-1 Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.266 fixes various security issues The following security issues were fixed: - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255235. - CVE-2025-39973: i40e: add validation for ringlen param...
MAL-2026-2564 Malicious code in gp-auth-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a24cae80696867d7d7b835ee70e1ef1e85373092f31cd93e2a35508ae3d2afb3 The package gp-auth-lib was found to contain malicious code. Source: ghsa-malware 73c001ebe2675cd78ef852bc2e78ff6fb837fd64b9b490dbea61c4ff1ca6d146 An...
MAL-2026-2875 Malicious code in unisys-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89bc257f69dca8cec54b15b47533c97f9b6b47f16aae5f2dc868ff7faaf0c93b The package unisys-auth was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-39943
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
MAL-2026-2540 Malicious code in gd-auth (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 baa9851d66a8d40c23baf029f186e4f8f5366381dadb2d3ecc8cb9420e5e3997 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of the AES-GCM authentication tag length in the wcPKCS7DecodeAuthEnvelopedData function. An attacker can bypass authentication by truncating the authentication tag, significantly...
Duplicate Advisory: OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mf5g-6r6f-ghhm. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation...
EUVD-2026-21112
OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of service through...
AlmaLinux 9 : nginx:1.24 (ALSA-2026:6923)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6923 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...
CVE-2026-39987
CVE-2026-39987 — Marimo WebSocket terminal endpoint unauthenticated pre-auth RCE. The vulnerability resides in the terminal WebSocket at /terminal/ws, which accepts connections without authenticating, unlike the /ws endpoint that invokes validate_auth(). An unauthenticated client can obtain a ful...