PT-2026-36196

Name of the Vulnerable Software and Affected Versions Exim versions prior to 4.99.2 Description An out-of-bounds heap write can occur when JSON lookup is enabled. This happens when a JSON operator encounters malformed JSON in an untrusted header due to an incorrect implementation of backslash...

Starman 环境问题漏洞

Starman is a high-performance pre-derived web server developed by Tatsuhiko Miyagawa. Versions of Starman prior to 0.4018 contained an environmental issue vulnerability. This vulnerability stemmed from the HTTP request intercalation technique. Due to improper handling of header priorities, Starma...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the reuse of an easy handle in HTTP requests when a custom Host: header is set for the initial request and omitted in a subsequent one. An attacker can obtain cookies intended for a different host by exploiti...

CVE-2026-37555

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path line 241 was fixed with sfcountt cast, but the WAV code path line 235 and close path line 167 were not. When samplesperblock int blocks int exceeds INTMAX, the 32-bit multiplication overflows before being assigned to...

FreeBSD -- Heap overflow in libnv

Problem Description: When processing the header of an incoming message, libnv failed to properly validate the message size. Impact: The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible...

PT-2026-36197

Name of the Vulnerable Software and Affected Versions Exim versions prior to 4.99.2 Description An out-of-bounds read occurs when utf8 operators are enabled and malformed UTF-8 header data containing large UTF-8 trailing characters is processed. This may lead to the disclosure of information with...

EUVD-2026-26241

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path line 241 was fixed with sfcountt cast, but the WAV code path line 235 and close path line 167 were not. When samplesperblock int blocks int exceeds INTMAX, the 32-bit multiplication overflows before being assigned to...

Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services

An authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing network...

PT-2026-35895

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When using libcurl, a flaw exists where a custom Host: header set for an initial HTTP request can cause subsequent requests using the same easy handle to use stale information. If the second...

FreeBSD Security Advisory - FreeBSD-SA-26:17.libnv

FreeBSD Security Advisory - When processing the header of an incoming message, libnv failed to properly validate the message size...

Linux Distros Unpatched Vulnerability : CVE-2026-40560

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...

PT-2026-35987

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler SEH chain exploitation. Attackers can craft a malicious URL file that, when imported through the File Import Import...

Ollama 路径遍历漏洞

Ollama is an open-source tool developed by Ollama that can be run locally, used for managing and customizing large language models. Versions of Ollama from 0.12.10 to 0.17.5 have a path traversal vulnerability. This vulnerability stems from the improper handling of HTTP response headers in the...

PT-2026-35898

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When using libcurl to perform a transfer over a specific HTTP proxy proxyA with Digest authentication and subsequently changing the proxy host to a second one proxyB while reusing the same handl...

FreeBSD-SA-26:17.libnv

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:17.libnv Security Advisory The FreeBSD Project Topic: Heap overflow in libnv Category: core Module: libnv Announced: 2026-04-29 Credits: Mariusz Zaborski...

CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-40560

CVE-2026-40560 affects Starman for Perl prior to 0.4018. The vulnerability arises from improper header precedence: when both Content-Length and Transfer-Encoding: chunked are present, Starman incorrectly prioritizes Content-Length instead of the Transfer-Encoding rule, violating RFC 7230 section ...

CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

Security Bulletin: upload filename directly from the multipart Content-Disposition header without sanitization

Summary Langflow OSS 1.2.0 - 1.8.4 are affected by a critical arbitrary file write vulnerability in the files endpoint due to improper handling of uploaded filenames. The application extracts the filename directly from the multipart Content-Disposition header without sanitization and uses unsafe...

CVE-2026-31256

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is...