14 matches found

Cvelist
added 2026/03/04 11:32 p.m. | 30 views

CVE-2026-2835 HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing

An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers...

CVSS: 9.3 | EPSS: 0.00018
Exploits: 0 | References: 1
OSV
added 2026/01/05 12:47 p.m. | 0 views

SUSE-SU-2026:0027-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response bsc1254400 - CVE-2025-13837: Fixed plistlib module deni...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00215
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-0308

Malware in sbrugna...

CVSS: 9.1 | AI score: 6.9 | EPSS: 0.03657
Exploits: 1 | References: 108
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2003-1074

Malware in sbrugna...

CVSS: 5 | AI score: 6.2 | EPSS: 0.05466
Exploits: 1 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-34604

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00987
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/20 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-21295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...

CVSS: 5.9 | AI score: 6.3 | EPSS: 0.00377
Exploits: 0 | References: 2
OSV
added 2025/04/06 7:15 p.m. | 4 views

CVE-2025-2258

In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...

CVSS: 7.5 | AI score: 7
Exploits: 0 | References: 3
Tenable Nessus
added 2025/03/03 12:0 a.m. | 7 views

CBL Mariner 2.0 Security Update: fluent-bit (CVE-2024-50608)

The version of fluent-bit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50608 advisory. - An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running an...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.00965
Exploits: 1 | References: 2
Tenable Nessus
added 2025/02/27 12:0 a.m. | 9 views

Fluent Bit Multiple Vulnerabilities

The version of Fluent Bit running on the remote host is prior to 3.2.7. It is, therefore, affected by multiple vulnerabilities: - An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.00965
Exploits: 2 | References: 4
Cvelist
added 2025/02/18 12:0 a.m. | 7 views

CVE-2024-50608

An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...

EPSS: 0.00965
Exploits: 1 | References: 3
RedHat Linux
added 2022/07/05 2:41 p.m. | 0 views

netty: possible request smuggling in HTTP/2 due missing validation

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

CVSS: 5.9 | AI score: 7.4 | EPSS: 0.00377
Exploits: 0 | References: 5
OSV
added 2014/02/06 5:0 p.m. | 7 views

CVE-2013-6490

The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow...

AI score: 6.6
Exploits: 0 | References: 6
securityvulns
added 2002/11/20 12:0 a.m. | 24 views

Signed/unsigned conversion bug in wwwoffled

Content-Length integer type bug...

AI score: 3.3
Exploits: 0 | References: 1
securityvulns
added 2002/07/19 12:0 a.m. | 31 views

Buffer overflow in WWW Offline Explorer

Buffer overflow on negative Content-Length...

AI score: 3.6
Exploits: 0 | References: 1 | Affected Software: 1