CVE-2026-43495 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate portcount against message length in t7xxportenummsghandler t7xxportenummsghandler uses the modem-supplied portcount field as a loop bound over portmsg-data without checking that the message buffer contai...

CLSA-2026-1778490923 httpd: Fix of 9 CVEs

CVE-2026-33857: fix length checks in AJP msgget functions - CVE-2026-34032: fix ajpmsggetstring buffer checks - CVE-2026-34059: fix ajpparsedata message len check - CVE-2026-24072: use APEXPRFLAGRESTRICTED in htaccess - CVE-2026-29169: moddavlock: use the right davlockdiscovery - CVE-2026-33006:...

Astra Linux - уязвимость в pypy

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...

CVE-2026-41309

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error through the lack CORS checks Host and Origin header validation on incoming HTTP connections. An attacker can gain unauthorized access to local or private-network servers by tricking a victim into visiting a...

Rack 安全漏洞

Rack is a modular Ruby web server interface open-sourced by Rack. A security vulnerability exists in Rack versions prior to 2.2.20, 3.1.18, and 3.2.3, which stems from the possibility that Rack::Sendfile may bypass proxy access restrictions when handling specially crafted headers, leading to...

EUVD-2019-0673

Malware in sbrugna...

EUVD-2021-34008

Malicious code in bioql PyPI...

ROS-20250825-01

Vulnerability of Srio archiving utility is related to errors in TAR file header verification. Exploitation of the vulnerability could allow an attacker to escalate his privileges...

CVE-2020-11170

Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice...

PT-2023-32865 · Wrangler · Wrangler

Name of the Vulnerable Software and Affected Versions: wrangler versions prior to 3.19.0 wrangler versions prior to 2.20.2 Description: The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server...

CLSA-2023-1703181677 haproxy: Fix of CVE-2023-45539

CVE-2023-45539: h1: do not accept '' as part of the URI component; h2: reject more chars from the :path pseudo header...

SUSE CVE-2018-16375

An issue was discovered in OpenJPEG 2.3.0. Missing checks for headerinfo.height and headerinfo.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow...

SUSE CVE-2019-16056

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...

WordPress plugin login-block-ips 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Design/Logic Flaw

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...

CVE-2021-4138

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...

HTTP Request Smuggling in Web Proxies

Overview HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver are vulnerable to HTTP Request Smuggling. Description The affected systems allow invalid characters such as carriage return and newline characters in HTTP/2 headers. When an attacker passes these...

PT-2020-5675 · Ruby +9 · Ruby +10

Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.5.9 Ruby versions 2.6.x through 2.6.6 Ruby versions 2.7.x through 2.7.1 Description: The issue is related to the WEBrick library in Ruby, which has a problem with incorrect checking of the header value. This can...

python: email.utils.parseaddr wrongly parses email addresses

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...