PT-2026-38273

Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The getMethod function unconditionally honors the X-HTTP-Method-Override header and the method parameter within the $ REQUEST variable on any HTTP verb, including safe verbs like GET. This occurs...

Gazelle 环境问题漏洞

Gazelle is a web framework developed by WhatCD’s developers, designed for private BitTorrent trackers. Versions of Gazelle prior to 0.49 contained an environmental vulnerability, caused by improper handling of HTTP header priorities. This vulnerability could allow attackers to inject malicious HT...

PT-2026-38292

Name of the Vulnerable Software and Affected Versions Micronaut Framework versions 4.3.0 through 4.10.21 Description An unauthenticated attacker can cause a denial of service by exhausting heap memory, leading to a JVM crash. The issue exists in the TimeConverterRegistrar component, which uses an...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the derivation of a loopback MCP owner context from a server-issued bearer token that can be spoofed in the request header, which can be exploited by an attacke...

RHCOS 4 : OpenShift Container Platform 4.8.9 (RHSA-2021:3248)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3248 advisory. - golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header CVE-2021-31525 - golang: net: lookup...

Oracle Linux 8 : kernel (ELSA-2026-13577)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-13577 advisory. - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption Herbert Xu RHEL-172187 CVE-2026-31431 - crypto: authencesn - rejec...

PT-2026-38269

Name of the Vulnerable Software and Affected Versions Granian versions 0.2.0 through 2.7.3 Description Granian aborts a worker process when a WSGI application returns an invalid HTTP response header name or value. This occurs because the WSGI response conversion path utilizes .unwrap on both head...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with header offset overflow and protocol header misalignment during the extraction of data...

PT-2026-38281

Name of the Vulnerable Software and Affected Versions azureauthextension versions 0.124.0 through 0.150.0 Description A server-side authentication bypass exists in the azureauthextension when used by an OpenTelemetry receiver with auth: azure auth. The Authenticate function fails to validate...

PT-2026-37442

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...

PT-2026-38268

Name of the Vulnerable Software and Affected Versions Granian versions 1.2.0 through 2.7.3 Description An unauthenticated client can cause a worker process to abort by sending a WebSocket upgrade request containing non-ASCII bytes in the Sec-WebSocket-Protocol header. This occurs during the...

PT-2026-37636

HCL BigFix Service Management SM is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting XSS and potential exposure of sensitive information...

RockyLinux 9 : fence-agents (RLSA-2026:13672)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13672 advisory. cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves CVE-2026-26007 pyjwt: PyJWT accepts unknown crit header...

Empty Password in Configuration File

Overview org.springframework.cloud:spring-cloud-config-server is a library that provides an HTTP resource-based API for external configuration. Affected versions of this package are vulnerable to Empty Password in Configuration File through the GoogleSecretManagerV1AccessStrategy in the...

PT-2026-38278

Name of the Vulnerable Software and Affected Versions python-multipart versions prior to 0.0.27 Description A denial of service issue exists in the multipart part header parsing of the MultipartParser when processing multipart/form-data. The parser lacked limits on the number of part headers and...

PT-2026-38277

Name of the Vulnerable Software and Affected Versions rmcp versions prior to 1.4.0 dynoxide versions prior to 0.9.13 Description The Streamable HTTP server transport in the rmcp crate fails to validate the incoming Host header. This allows a malicious public website to use a DNS rebinding attack—...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient header space validation in xdpumemreg. This vulnerability may lead to insufficient...

HCL BigFix Service Management 安全特征问题漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management SM has security vulnerabilities, particularly related to incorrect security configurations of the CSP header. These vulnerabilities may allow...

AlmaLinux 10 : fence-agents (ALSA-2026:13916)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13916 advisory. pyjwt: PyJWT accepts unknown crit header extensions RFC 7515 ?4.1.11 MUST violation CVE-2026-32597 pyasn1: pyasn1 Vulnerable to Denial of Service via...

SUSE-SU-2026:1694-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before...