EUVD-2026-17062

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

CVE-2026-5119

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

UBUNTU-CVE-2026-5119

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

CVE-2026-2370

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and...

CVE-2026-2370

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and...

UBUNTU-CVE-2026-2370

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and...

Study of Post Quantum Status of Widely Used Protocols

The advent of quantum computing poses significant threats to classical public-key cryptographic primitives such as RSA and elliptic-curve cryptography. As many critical network and security protocols depend on these primitives for key exchange and authentication, there is an urgent need to...

PT-2026-29123

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http auth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

PT-2026-29122

Name of the Vulnerable Software and Affected Versions OpenOlat versions 10.5.4 through 20.2.4 Description OpenOlat is a web-based e-learning platform. The OpenID Connect implicit flow implementation does not verify JSON Web Token JWT signatures. The JSONWebToken.parse method discards the signatur...

OpenOLAT 数据伪造问题漏洞

OpenOLAT is an open-source web-based e-learning platform used for teaching, learning, assessment, and communication. It serves as a Learning Management System. Versions of OpenOLAT from 10.5.4 to 20.2.5 contained a data manipulation vulnerability. This vulnerability stemmed from the implicit flow...

FreeBSD : Gitlab -- vulnerabilities (b933083e-2b2e-11f1-b60a-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b933083e-2b2e-11f1-b60a-2cf05da270f3 advisory. Gitlab reports: Improper Handling of Parameters issue in Jira Connect installations impacts...

libsoup 安全漏洞

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability that arises from the transmission of sensitive session cookies in plaintext during the initial HTTP CONNECT request when an HTTPS tunnel is established through a configured HTTP proxy. This could lead to...

GitLab 14.3 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-2370)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed...

CVE-2026-2370

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and...

CVE-2026-2370 Improper Handling of Parameters in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and...

CVE-2026-2370

Removed by vendor...

CVE-2026-2370 Improper Handling of Parameters in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 — MCP Connect RCE via Unauthenticated Command I...

SUSE CVE-2026-33322

MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and...

SUSE CVE-2026-33668

Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, when a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths - API tokens, CalDAV...