
44 matches found

Rosalinux
added 2026/05/19 1:25 p.m., 8 views

Advisory ROSA-SA-2026-3270

Software: nginx 1.30.1; OS: ROSA-CHROME; unaffected versions = nginx-1.30.1-1; affected versions nginx-1.30.1-1; CVE-ID: CVE-2026-42926; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in NGINX Open Source allows an attacker to inject frame headers and data into the upstream when proxying...

CVSS 9.2, AI score 6.6, EPSS 0.00288
Exploits34
OSV
added 2026/05/15 8:50 a.m., 2 views

BIT-NGINX-GATEWAY-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 6.3, AI score 5.8, EPSS 0.00027
Exploits: 0, References: 2
OSV
added 2026/05/15 8:50 a.m., 2 views

BIT-NGINX-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 6.3, AI score 5.8, EPSS 0.00027
Exploits: 0, References: 2
Tenable Nessus
added 2026/05/14 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-42926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject fra...

CVSS 6.3, AI score 5.8, EPSS 0.00027
Exploits: 0, References: 2
Vulnrichment
added 2026/05/13 2:12 p.m., 6 views

CVE-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 6.3, AI score 5.8, EPSS 0.00027
Exploits: 0, References: 1
F5 Networks
added 2026/05/13 1:01 p.m., 9 views

K000161131: NGINX ngx_http_proxy_v2_module vulnerability CVE-2026-42926

Security Advisory Description: When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. CVE-2026-42926. Impact: This vulnerability allows a remot...

CVSS 6.3, AI score 5.9, EPSS 0.00027
Exploits: 0, Affected Software: 4
Positive Technologies
added 2026/05/13 12:00 a.m., 6 views

PT-2026-40677

Name of the Vulnerable Software and Affected Versions: NGINX Open Source (affected versions not specified). Description: When configured to proxy HTTP/2 traffic by setting proxy_http_version to 2 and utilizing proxy_set_body, an attacker can inject frame headers and payload bytes to the upstream peer...

CVSS 6.3, AI score 5.8, EPSS 0.00027
Exploits: 0, References: 8
RedhatCVE
added 2026/02/24 10:42 p.m., 3 views

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVSS 5.1, AI score 5.4, EPSS 0.00049
Exploits: 1, References: 1
Cvelist
added 2026/02/23 4:25 p.m., 18 views

CVE-2026-27511 Tenda F3 Clickjacking in Web Management Interface

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVSS 5.1, EPSS 0.00049
Exploits: 1, References: 2
Positive Technologies
added 2026/02/23 12:00 a.m., 2 views

PT-2026-21529

Name of the Vulnerable Software and Affected Versions: Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi. Description: The web-based administrative interface does not set the X-Frame-Options header, which allows an attacker to embed administrative pages in an iframe. This can tri...

CVSS 5.1, AI score 5.4, EPSS 0.00049
Exploits: 1, References: 4
NVD
added 2026/01/15 9:16 p.m., 3 views

CVE-2025-52987

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...

CVSS 6.1, EPSS 0.00009
Exploits: 0, References: 2
CNNVD
added 2026/01/15 12:00 a.m., 2 views

Juniper Networks Paragon Automation security vulnerabilities

Juniper Networks Paragon Automation is an automation and operations platform provided by the American company Juniper Networks. Versions of Juniper Networks Paragon Automation prior to 24.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of appropriate...

CVSS 6.1, AI score 5.8, EPSS 0.00009
Exploits: 0, References: 2
SUSE CVE
added 2025/12/24 12:24 a.m., 1 views

SUSE CVE-2025-68343

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback: check actual_length before accessing header. The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback. Use struct_group to describe the header of the struct gs_host_frame and...

CVSS 6.1, AI score 6.4, EPSS 0.00029
Exploits: 0, References: 7
OSV
added 2025/12/23 2:16 p.m., 1 views

UBUNTU-CVE-2025-68343

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback: check actual_length before accessing header. The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback. Use struct_group to describe the header of the struct gs_host_frame and...

AI score 5.7, EPSS 0.00029
Exploits: 0, References: 24
Tenable Nessus
added 2025/12/23 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: gs_usb: gs_usb_receive_bulk_callback: check actual_length before accessing header. The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback...

AI score 6.1, EPSS 0.00029
Exploits: 0, References: 4
OSV
added 2025/07/08 11:15 a.m., 1 views

CVE-2025-21008

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption...

CVSS 5.5, AI score 5.8
Exploits: 0, References: 1
OSV
added 2025/07/08 11:15 a.m., 0 views

CVE-2025-21009

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption...

CVSS 5.5, AI score 5.8, EPSS 0.00092
Exploits: 0, References: 1
CNNVD
added 2025/07/08 12:00 a.m., 1 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in SAMSUNG Mobile devices that originates from an out-of-bounds read when decoding a malformed frame header, which may...

CVSS 5.5, AI score 6.7, EPSS 0.00092
Exploits: 0, References: 1
CNNVD
added 2025/07/08 12:00 a.m., 0 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in SAMSUNG Mobile devices, which originates from an out-of-bounds read when decoding a frame header, which may result ...

CVSS 5.5, AI score 6.6, EPSS 0.00092
Exploits: 0, References: 1
SUSE CVE
added 2025/02/27 3:10 a.m., 1 views

SUSE CVE-2022-49235

In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs. Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htc_connect_service, svc_meta_len and pad are not initialized. Based on code it looks like in current sk...

CVSS 5.5, AI score 7.5, EPSS 0.00007
Exploits: 0, References: 10