21 matches found

NVD, added 2 days ago, 6 views

CVE-2026-41727

Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retrytopic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the...

CVSS 6.5, EPSS 0.00059
Exploits: 0, References: 1

AstraLinux, added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in netty

The Netty project is an event-driven, asynchronous network application framework. Starting from version 4.1.83.Final and before 4.1.86.Final, when calling DefaultHttpHeaders.set with an iterator of values, header value validation was not performed. This allowed malicious header values in the...

CVSS 6.5, AI score 6.8, EPSS 0.00524
Exploits: 1, References: 1

NVD, added 2026/05/18 9:16 a.m., 11 views

CVE-2026-6339

Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint, which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag. Mattermost...

CVSS 4.3, EPSS 0.00016
Exploits: 0, References: 1

Snyk, added 2026/03/30 5:26 p.m., 2 views

Incorrect Privilege Assignment

Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to improper BGP header validation in the BGPHeader.DecodeFromBytes function. An attacker can modify BGP header data by sending specially crafted packets to the affected process. Remediation: Upgrade...

CVSS 6.3, AI score 5.9, EPSS 0.00062
Exploits: 0, References: 3

EUVD, added 2026/03/24 9:31 p.m., 3 views

EUVD-2026-15002

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

CVSS 6.3, AI score 5.8, EPSS 0.00007
Exploits: 0, References: 2

NVD, added 2026/03/23 10:16 p.m., 0 views

CVE-2026-32913

OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept sensitive headers like X-Api-Key and Private-Token intend...

CVSS 9.3, EPSS 0.00045
Exploits: 0, References: 3

Cvelist, added 2026/03/09 2:08 p.m., 25 views

CVE-2026-3089 Actual Sync Server 26.2.1 - Authenticated Path Traversal

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside...

CVSS 5.3, EPSS 0.00018
Exploits: 1, References: 3

CNNVD, added 2026/03/09 12:00 a.m., 2 views

actual security vulnerability

actual is a personal finance tool developed by Actual. Versions prior to 26.3.0 of actual contained security vulnerabilities. These vulnerabilities stemmed from improper validation of the x-actual-file-id header, which was controlled by users. This could lead to directory traversal and arbitrary...

CVSS 6.5, AI score 5.9, EPSS 0.00018
Exploits: 1, References: 4

CNNVD, added 2026/01/14 12:00 a.m., 3 views

BlackSheep injection vulnerability

BlackSheep is an open source web application framework from Neoteroi. BlackSheep versions before 2.4.6 contain an injection vulnerability, which stems from a lack of header validation in the HTTP client implementation and could allow an attacker to modify the HTTP request or...

CVSS 6.3, AI score 6.9, EPSS 0.00052
Exploits: 0, References: 4

CNNVD, added 2025/11/12 12:00 a.m., 2 views

IBM OpenPages security vulnerability

IBM OpenPages is an AI-driven, highly scalable Governance, Risk and Compliance GRC solution from International Business Machines IBM. A security vulnerability exists in IBM OpenPages versions 9.0 and 9.1, which stems from improper validation of the HOST header input and could lead to cross-site...

CVSS 6.1, AI score 6.3, EPSS 0.00024
Exploits: 0, References: 2

Veracode, added 2025/09/18 2:19 p.m., 3 views

Request Smuggling

h2 is vulnerable to request smuggling. The vulnerability is due to improper validation of header names/values when downgrading HTTP/2 requests to HTTP/1.1, which allows an attacker to inject CRLF characters, manipulate request boundaries, and bypass security controls...

CVSS 6.9, AI score 6.6, EPSS 0.00113
Exploits: 0, References: 5, Affected Software: 1

Github Security Blog, added 2025/08/25 9:01 p.m., 2 views

mitmproxy binaries embed a vulnerable python-hyper/h2 dependency

mitmproxy 12.1.1 and below embed python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation. This enables request smuggling attacks when mitmproxy is in a configuration where it translates HTTP/2 to HTTP/1. For example, this affects reverse proxies to http:// backends. It does not...

AI score 7
Exploits: 0, References: 3, Affected Software: 1

OSV, added 2025/03/30 6:15 a.m., 1 view

AZL-59315 CVE-2025-1734 affecting package php for versions less than 8.1.32-1

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from an HTTP server, headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...

CVSS 6.3, AI score 6.7, EPSS 0.00757
Exploits: 0, References: 1

RedHat Linux, added 2024/07/16 11:29 p.m., 4 views

OpenJDK: Pack200 increase loading time due to improper header validation (8322106)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...

CVSS 3.7, AI score 7.4, EPSS 0.00048
Exploits: 0, References: 4

RedHat Linux, added 2024/07/16 9:31 p.m., 2 views

OpenJDK: Pack200 increase loading time due to improper header validation (8322106)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...

CVSS 3.7, AI score 7.4, EPSS 0.00048
Exploits: 0, References: 4

CNNVD, added 2023/11/15 12:00 a.m., 2 views

Qlik Sense Security Breach

Qlik Sense is an application from Qlik USA that allows users to create visualizations, charts, interactive dashboards and analytical applications for local and offline use. A security vulnerability exists in versions prior to Qlik Sense Enterprise August 2023 Patch 2, which stems from incorrect...

CVSS 9.9, AI score 6.9, EPSS 0.56216
Exploits: 0, References: 2

RedHat Linux, added 2021/02/16 8:44 a.m., 0 views

python: infinite loop in the tarfile module via crafted TAR archive

A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation...

CVSS 7.5, AI score 6.8, EPSS 0.00323
Exploits: 0, References: 4

OSV, added 2019/08/21 7:15 p.m., 2 views

CVE-2019-1974

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user...

CVSS 9.8, AI score 7.3
Exploits: 0, References: 1

OSV, added 2019/08/21 7:15 p.m., 2 views

CVE-2019-1937

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing...

CVSS 9.8, AI score 7.2
Exploits: 0, References: 6

CNVD, added 2018/06/21 12:00 a.m., 2 views

Cisco FXOS and NX-OS CFS Arbitrary Code Execution Vulnerability (CNVD-2018-11965)

Cisco Firepower 4100 Series Next-Generation Firewalls are products of Cisco Corporation; the Firepower 4100 Series is a line of firewall devices. MDS 9000 Series Multilayer Switches a...

CVSS 10, AI score 9.8, EPSS 0.05758
Exploits: 0, References: 1