iCMS 安全漏洞

iCMS is a software application. It is a highly efficient and concise content management system built using PHP and MySQL. iCMS has security vulnerabilities, which stem from authorization bypasses. This could allow attackers to gain unauthorized access by manipulating HTTP redirect headers during...

Mattermost 代码问题漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have code vulnerabilities. These vulnerabilities stem from the lack of validation of the...

OPENSUSE-SU-2026:20809-1 Security update for trivy

This update for trivy fixes the following issues - CVE-2025-64702: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS bsc1255366. - CVE-2025-69725: github.com/go-chi/chi/v5: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258513...

Exploit for CVE-2026-42945

CVE-2026-42945 NGINX Rift — defensive scanner Organizations...

SUSE-SU-2026:21803-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264...

OPENSUSE-SU-2026:20761-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264...

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

...

CLSA-2026-1778979189 Fix CVE(s): CVE-2024-6232, CVE-2024-7592, CVE-2024-9287

SECURITY UPDATE: ReDoS in tarfile PAX header parsing - debian/patches/CVE-2024-6232.patch: rewrite Lib/tarfile.py PAX-record parser to scan length-prefixed records via a bounded regex headerlengthprefixre plus direct slicing, eliminating quadratic backtracking in three pre-existing regexes. Adapt...

curl: Connection reuse ignores haproxyprotocol and HAPROXY_CLIENT_IP settings, allowing PROXY context to persist across transfers

Summary: libcurl's connection pool match logic does not include the CURLOPTHAPROXYPROTOCOL setting or the CURLOPTHAPROXYCLIENTIP value in its connection match key. Two transfers issued through the same Curleasy or via a shared connection cache CURLLOCKDATACONNECT therefore share one TCP connectio...

Regular Expression Denial of Service (ReDoS)

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the clientSDK parameter in the request-header parser. An attacker can exhaust...

CLSA-2026-1778836031 libsoup: Fix of CVE-2026-2708

CVE-2026-2708: reject duplicate Content-Length headers with different values to prevent HTTP request smuggling per RFC 9110 section 7.7...

Implicit Bearer Token Injection

github.com/kyverno/kyverno is vulnerable to Implicit Bearer Token Injection. The vulnerability is due to the apiCall service helper automatically injecting the Kyverno controller's Authorization: Bearer service account token into outbound requests when no authorization header is explicitly...

Server-Side Request Forgery (SSRF)

n8n-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...

CVE-2026-44514

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

CLSA-2026-1778881463 ipa: Fix of 3 CVEs

CVE-2023-5455: fix CSRF vulnerability by adding Referer header check to all session endpoints - CVE-2024-1481: validate Kerberos principal name before kinit and pass it with -- separator to prevent option injection - CVE-2024-11029: scrub administrative passwords from process command line and...

[SECURITY] Fedora 42 Update: nginx-mod-headers-more-0.39-9.fc42

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-9.fc43

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

[SECURITY] Fedora 44 Update: nginx-mod-headers-more-0.39-9.fc44

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

CVE-2026-45339

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from /api/v1/messages, requests using the Authorization: Bearer sk-...

CVE-2026-45339

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from /api/v1/messages, requests using the Authorization: Bearer sk-...