12 matches found
GHSA-C3H8-G69V-PJRG i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header
Summary: Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...
CVE-2026-40247
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...
CVE-2026-0648
The vulnerability stems from an incorrect error-checking logic in the CreateCounter function in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c when handling the return value of osek_get_counter. Specifically, the current code checks if cntr_id equals 0u to determine failure, but...
CVE-2025-20762
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch...
Linux Distros Unpatched Vulnerability : CVE-2025-39878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks error The function...
GHSA-4MHV-8RH3-4GHW DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error
Impact: We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error (figures 9.1 and 9.2). This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug...
CVE-2025-54870
VTun-ng (virtual tunnel over TCP/IP) contains a vulnerability in versions 3.0.17 and earlier where failure to initialize encryption modules can cause a fallback to plaintext due to insufficient error handling. The issue was introduced in 3.0.12 and fixed in 3.0.18. Remediation: upgrade to 3.0.18 ...
CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error
CWA-2025-006: Improper error handling may lead to IBC channel opening despite error Severity High Considerable + Likely^1 Affected versions: - wasmd 0.60.0 - wasmd = 0.51.0 0.55.1 Patched versions: - wasmd 0.60.1, 0.55.1, 0.54.1, 0.53.3 Description of the bug A contract erroring during IBC channe...
OPENSUSE-SU-2025:0052-1 Security update for python-asteval
This update for python-asteval fixes the following issues: Update to 1.0.6: drop testing and support for Python 3.8, add Python 3.13, change document to reflect this; implement safe_getattr and safe_format functions; fix bugs in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage (boo#1236405, CVE-2025-24359); make...
DEBIAN-CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
DEBIAN-CVE-2012-3401
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a...
Apache Httpd < 2.2.14 : Solaris pollset DoS
Faulty error handling was found affecting Solaris pollset support (Event Port backend), caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service...