174 matches found
kernel: netfilter: nft_inner: Fix IPv6 inner_thoff desync
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nftinner module. This vulnerability arises from an incorrect handling of IPv6 inner packet processing, where the transport header offset innerthoff becomes desynchronized from the Layer 4 protocol l4proto. A remot...
SUSE-SU-2026:2612-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues Security issues: - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update golang.org/x/crypto dependency bsc1266171. -...
Amazon Linux 2 : golist, --advisory ALAS2-2026-3382 (ALAS-2026-3382)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3382 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN...
HTTP Request Smuggling
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to HTTP Request Smuggling via improper validation of the Host header in the request scope. An attacker can gain unauthorized access to API endpoints by...
EUVD-2026-34287
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
CVE-2026-48587
CVE-2026-48587 affects Django 5.2 before 5.2.15 and 6.0 before 6.0.6. The flaw in django.utils.cache.has_vary_header() does not strip leading/trailing whitespace from the Vary header before comparison, enabling remote attackers to read cached responses by requesting URLs whose responses contain w...
Linux Distros Unpatched Vulnerability : CVE-2026-45940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: stmmac: fix oops when split header is enabled For GMAC4, when split header is enabled, in some rare cases, the hardware does not fill buf2 of the first...
PT-2026-36293
Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910 Description A stack-based buffer overflow exists in the lighttpd component. This issue occurs when the find host ip function improperly handles the Host argument, allowing a remote attacker to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013203)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013203 advisory. In the Linux kernel, the following vulnerability has been resolved: net: add vlangetprotocolanddepth helper Before blamed commit, pskbmaypull was used instead of...
USN-8182-1: Rack vulnerabilities
Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. CVE-2026-26961 William T. Nelson...
SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:1371-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1371-1 advisory. Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...
ALSA-2026:8339 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...
SUSE CVE-2026-1502
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...
Important: nodejs22
Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...
Linux Distros Unpatched Vulnerability : CVE-2026-34525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This iss...
UBUNTU-CVE-2026-34525
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...
CVE-2026-34525
AIOHTTP (async HTTP client/server for asyncio and Python) before version 3.13.4 allowed multiple Host headers due to its header handling. This issue has been fixed in version 3.13.4. Affected component: Host header processing in aiohttp prior to 3.13.4. Remediation: upgrade to 3.13.4 or later. Ex...
CVE-2026-34518
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...
cpython: email header injection due to unquoted newlines
A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...
RHEL 8 : python3 (RHSA-2026:6008)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6008 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...