33 matches found
CLSA-2026-1779434064 libdnf: Fix of CVE-2021-3445
CVE-2021-3445: fix signature verification bypass via signature placed in the main RPM header...
cpython: wsgiref.headers.Headers allows header newline injection in Python
Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...
metasploit-web-scanner-module
MSF Web Vulnerability Scanner Advanced Advanced Metasploit au...
HAPI FHIR HTTP authentication leak in redirects
When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host named in the URL in the Location: response header value. Sending the same set of headers ...
CVE-2020-10376
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header...
CVE-2020-10436
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/my-profile.php by adding a question mark ? followed by the payload...
CVE-2023-50324
IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details in the X-AspNet-Version response header that could allow an attacker to obtain information about the application environment to conduct further attacks. IBM X-Force ID: 275038...
EUVD-2019-17262
Malware in sbrugna...
EUVD-2021-2219
Malware in sbrugna...
EUVD-2021-21880
Malware in sbrugna...
EUVD-2017-5704
Malware in sbrugna...
EUVD-2011-3389
Malware in sbrugna...
EUVD-2022-34239
Malicious code in bioql PyPI...
EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-1687)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate...
curl: Failure to strip Proxy-Authorization header on change in origin
Summary: Failure to strip Proxy-Authorization header on change in origin. AI was not used. I maintain the PHP Guzzle HTTP package which uses curl, and noticed we have the same issue as curl in this regard. I was made aware of this issue when golang patched something similar a few hours ago:...
CVE-2024-26267
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property http.header.version.verbosity is set to full, which allows remote...
Azure Linux 3.0 Security Update: libsoup (CVE-2025-46421)
The version of libsoup installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-46421 advisory. - A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP...
EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2025-1030)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization...
Header Injection
Traefik is vulnerable to Header Injection. The vulnerability is due to improper validation of the X-Forwarded-Prefix header, allowing it to be provided from an untrusted source...
OESA-2024-2198 python-Flask-Cors security update
A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Security Fixes: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option...