CVE-2026-40594

CVE-2026-40594 affects pyLoad: the set_session_cookie_secure before_request in pyload/webui/app/init .py reads X-Forwarded-Proto without origin validation and mutates the global Flask SESSION_COOKIE_SECURE on every request. With Cheroot’s multi-threaded server (request_queue_size=512), this creat...

CVE-2026-1089

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

CVE-2026-1089

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

CVE-2026-1089

The CVE-2026-1089 affects Fortra’s GoAnywhere MFT prior to version 7.10.0, where a user‑controlled HTTP header can trigger DNS lookups, DNS rebinding, and information disclosure. The vulnerability involves an HTTP header handling flaw that can be exploited by an unauthenticated network attacker (...

CVE-2026-1089 User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

CVE-2026-1089 User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

BIT-VAULT-2026-4525 Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header

If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16...

Security update for python311

This update for python311 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-3479: python: improper resource argument validation can allow path traversal bsc1259989. CVE-2026-3644: incomplete contr...

SUSE-SU-2026:1530-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479: python: improper resource argument validation can allow path traversal bsc1259989. - CVE-2026-3644: incomplete...

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

SUSE-SU-2026:1509-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

CVE-2026-35587

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery SSRF vulnerability exists in the Glances IP plugin due to improper validation of the publicapi configuration parameter. The value of publicapi is used directly in outbound HTTP...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the allowOrigin function in objects/functions.php, which allowed arbitrary Origin headers to be...

OpenEXR 输入验证错误漏洞

OpenEXR is an open standard for high dynamic range image HDR file format, open-sourced by the Academy Software Foundation. Versions 3.4.0 to 3.4.9, 3.3.0 to 3.3.9, and 3.2.0 to 3.2.7 of OpenEXR contain a input validation vulnerability. This vulnerability stems from line 1040 of...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011135)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011135 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth 6lowpan.c netdev has...

Adobe DNG File Security Scanner

This program is a defensive security tool designed to analyze DNG Digital Negative image files and detect potential signs of malicious manipulation or exploit attempts. It performs a low-level inspection of the file structure by parsing the TIFF header and scanning raw binary content for suspicio...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011058)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011058 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013327)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013327 advisory. In the Linux kernel, the following vulnerability has been resolved: net: do not allow gsosize to be set to GSOBYFRAGS One missing check in virtionethdrtoskb allowed...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013047)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013047 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth 6lowpan.c netdev has...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011249)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011249 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGACMDMAXDATASIZE This data originates from...