CVE-2026-29076 cpp-httplib: Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

CLSA-2026-1772444161 python2: Fix of 2 CVEs

CVE-2026-1299: raise exceptions for malformed input to prevent processing invalid or dangerous headers - CVE-2024-6923: encode newlines in headers and verify headers are sound...

CLSA-2026-1772192033 python2: Fix of 2 CVEs

CVE-2026-1299: raise exceptions for malformed input to prevent processing invalid or dangerous headers - CVE-2024-6923: encode newlines in headers and verify headers are sound...

CLSA-2026-1771925958 python2: Fix of 2 CVEs

CVE-2026-1299: reject email header values containing newlines without whitespace to prevent header injection and info leak via the buffer protocol - CVE-2024-6923: ensure email headers are encoded and verified correctly, raising exceptions for malformed input to prevent processing of invalid or...

EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2026-1141)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There is a defect in the CPython 'tarfile' module affecting the 'TarFile' extraction and entry enumeration APIs. The tar...

EUVD-2026-1415

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2469)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...

OESA-2025-2304 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

Linux Distros Unpatched Vulnerability : CVE-2016-2216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remo...

USN-7570-1 python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6 vulnerabilities

It was discovered that Python incorrectly handled certain unicode characters during decoding. An attacker could possibly use this issue to cause a denial of service. CVE-2025-4516 It was discovered that Python incorrectly handled unicode encoding of email headers with list separators in folded...

SUSE-SU-2025:0982-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers bsc1238450...

Security update for python312

This update for python312 fixes the following issues: CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers bsc1238450. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:0883-1 Security update for python312

This update for python312 fixes the following issues: - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers bsc1238450...

Medium: python3.11

Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means...

CLSA-2024-1726058773 python3: Fix of CVE-2024-6923

CVE-2024-6923: encode newlines in headers, verify headers are well-formed...

Expected Behavior Violation

Overview Affected versions of this package are vulnerable to Expected Behavior Violation via the HPackParser function when the gRPC client is communicating with an HTTP/2 proxy, allowing the attacker to poison the HPACK table. By manipulating the header encoding and poisoning the HPACK table...

Expected Behavior Violation

Overview Affected versions of this package are vulnerable to Expected Behavior Violation via the HPackParser function when the gRPC client is communicating with an HTTP/2 proxy, allowing the attacker to poison the HPACK table. By manipulating the header encoding and poisoning the HPACK table...

PHP mb_encode_mimeheader runs endlessly for some inputs

...

CVE-2023-24822 RIOT-OS vulnerable to Null Pointer dereference during IPHC encoding

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. Th...

RIOT RIOT-OS 代码问题漏洞

RIOT RIOT-OS is a set of operating systems used in the IoT space. A code issue vulnerability exists in RIOT RIOT-OS versions prior to 2022.10, which can be exploited by an attacker to allow a device to send crafted frames that result in NULL pointer dereferences when encoding the 6LoWPAN IPHC...