
104 matches found

Github Security Blog
added 2026/05/27 12:37 a.m., 12 views

@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

Impact: The two parsers resolved duplicates inconsistently and silently:
- Content.disposition retained the last occurrence of each parameter.
- Content.type retained the first occurrence of charset and boundary.
Either behavior creates a parameter-smuggling primitive when another component in the...

AI score: 5.7
Exploits: 0, References: 3, Affected software: 1
Vulnrichment
added 2026/05/25 2:00 p.m., 4 views

CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte, e.g. !, @, =, ...

CVSS: 8.7, AI score: 6, EPSS: 0.00049
Exploits: 1, References: 4
CNNVD
added 2026/05/25 12:00 a.m., 4 views

Hackney security vulnerability

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 2.0.0-beta.1 up to but not including 4.0.1; it stems from the Alt-Svc response header parser's inability to guarantee forward progress, potentially leading to infinite loops and CPU exhaustion...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00049
Exploits: 1, References: 4
RedhatCVE
added 2026/02/21 1:30 a.m., 1 view

CVE-2026-26282

NanaZip is an open source file archiver. Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in the .NET Single File bundle header parser due to a missing bounds check. Opening a crafted file with NanaZip causes a crash or leaks heap data to the user...

CVSS: 6.6, AI score: 5.6, EPSS: 0.00028
Exploits: 1, References: 1
CVE
added 2026/02/19 8:41 p.m., 4 views

CVE-2026-26282

NanaZip (open source file archiver) is affected by CVE-2026-26282: an out-of-bounds heap read in the .NET Single File bundle header parser due to a missing bounds check. Affected versions are 5.0.1252.0 up to but not including 6.0.1630.0; upgrading to 6.0.1630.0 patches the issue. Exploitation would req...

CVSS: 6.6, AI score: 5.6, EPSS: 0.00028
Exploits: 1, References: 2, Affected software: 1
CNNVD
added 2026/02/19 12:00 a.m., 4 views

NanaZip security vulnerability

NanaZip is open-source compression software by the M2-Team. Versions of NanaZip prior to 6.0.1630.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of bounds checks in the .NET Single File bundle header parser, which could lead to out-of-bounds heap access...

CVSS: 6.6, AI score: 5.8, EPSS: 0.00028
Exploits: 1, References: 2
RedHat Linux
added 2026/02/10 8:28 p.m., 1 view

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00213
Exploits: 1, References: 5
OSV
added 2026/01/29 8:16 p.m., 2 views

AZL-76367 CVE-2025-63656 affecting package fluent-bit 3.1.10-4

An out-of-bounds read in the headercmp function in mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) by sending a crafted HTTP request to the server...

CVSS: 7.5, AI score: 5.8, EPSS: 0.01314
Exploits: 1, References: 1
Tenable Nessus
added 2026/01/20 12:00 a.m., 3 views

MiracleLinux 9 : squid-5.5-6.el9_3.8 (AXSA:2024-7624:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7624:02 advisory:
- squid: denial of service in HTTP header parser (CVE-2024-25617)
- squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111)
- squid: denial of...

CVSS: 8.6, AI score: 5.7, EPSS: 0.03051
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/20 12:00 a.m., 3 views

MiracleLinux 8 : squid:4 (AXSA:2024-7632:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7632:01 advisory:
- squid: denial of service in HTTP header parser (CVE-2024-25617)
- squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111)
- squid: denial of...

CVSS: 8.6, AI score: 5.7, EPSS: 0.03051
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/13 12:00 a.m., 1 view

MiracleLinux 9 : php:8.2 (AXSA:2025-10480:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10480:01 advisory:
- php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
- php: Single byte overread with...

CVSS: 9.8, AI score: 7.6, EPSS: 0.01153
Exploits: 5, References: 9
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-4504

Malware in sbrugna...

CVSS: 9.8, AI score: 9.2, EPSS: 0.02013
Exploits: 0, References: 13
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-14681

Malware in sbrugna...

CVSS: 9.8, AI score: 9.3, EPSS: 0.02248
Exploits: 1, References: 2
OSV
added 2025/10/04 12:11 a.m., 2 views

RLSA-2025:7431 Moderate: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes:
- php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
- php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
- php: Streams HTTP wrapper...

CVSS: 5.3, AI score: 5.7, EPSS: 0.0103
Exploits: 2, References: 6
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-2759

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00759
Exploits: 1, References: 21
Tenable Nessus
added 2025/09/29 12:00 a.m., 5 views

AlmaLinux 8 : php:8.2 (ALSA-2025:15687)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15687 advisory:
- php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
- php: Single byte overread with convert.quoted-printable-deco...

CVSS: 9.8, AI score: 7.6, EPSS: 0.01153
Exploits: 5, References: 10
Tenable Nessus
added 2025/09/10 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-6548

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available.
- A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame would not be changed...

CVSS: 9.8, AI score: 8.3, EPSS: 0.00528
Exploits: 1, References: 2
Tenable Nessus
added 2025/07/30 12:00 a.m., 4 views

RockyLinux 9 : php:8.2 (RLSA-2025:7432)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7432 advisory:
- php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
- php: Single byte overread with convert.quoted-printable-deco...

CVSS: 9.8, AI score: 7.6, EPSS: 0.01153
Exploits: 5, References: 17
OSV
added 2025/07/29 1:40 p.m., 5 views

RLSA-2025:4263 Moderate: php:8.1 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes:
- php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
- php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)
- php: Configuring ...

CVSS: 5.8, AI score: 8, EPSS: 0.01153
Exploits: 5, References: 9
OSSF Malicious Packages
added 2025/07/04 4:15 p.m., 3 views

Malicious code in old-header-parser (npm)

The package communicates with a domain associated with malicious activity.
---
-= Per source details. Do not edit below this line.=-
Source: ghsa-malware (315f759e577d29f8c6922c09f69169b191d3c8886bae205c9d3925d4a366688d)
Any computer that has this package installed or running should be considered...

AI score: 7
Exploits: 0, References: 1