33880 matches found
PT-2026-33260
A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...
SUSE CVE-2026-40499
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...
CVE-2026-33806
A flaw was found in Fastify. A remote attacker could exploit this vulnerability by prepending a space to the Content-Type header in a request. This action bypasses the application's schema validation, allowing the attacker to submit data that would otherwise be rejected. This could lead to...
CVE-2026-40173
Dgraph (Open Source GraphQL DB) versions
CVE-2026-40173
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...
JLSEC-2026-118
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007...
kernel: net/sched: cls_u32: use skb_header_pointer_careful()
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...
EUVD-2026-22818
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header...
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
Summary A validation bypass vulnerability exists in Fastify v5.x where request body validation schemas specified via schema.body.content can be completely circumvented by prepending a single space character \x20 to the Content-Type header. The body is still parsed correctly as JSON or any other...
GHSA-247C-9743-5963 Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
Summary A validation bypass vulnerability exists in Fastify v5.x where request body validation schemas specified via schema.body.content can be completely circumvented by prepending a single space character \x20 to the Content-Type header. The body is still parsed correctly as JSON or any other...
OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing
Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: OAuth2 Proxy is configured with --reverse-proxy and at least one rule is defined with --skipauthroutes or the legacy --skip-auth-regex OAuth2 Proxy may trust...
GHSA-7X63-XV5R-3P2X OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing
Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: OAuth2 Proxy is configured with --reverse-proxy and at least one rule is defined with --skipauthroutes or the legacy --skip-auth-regex OAuth2 Proxy may trust...
Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...
Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to version 20.20.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...
SUSE-SU-2026:1371-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...
SUSE-SU-2026:1363-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...
SUSE-SU-2026:1354-1 Security update for python313
This update for python313 fixes the following issues: - Update to v3.13.13 - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass bsc1259240....
Security update for python313
This update for python313 fixes the following issues: Update to v3.13.13 CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass bsc1259240...
Security update for python311
This update for python311 fixes the following issues: Updated to Python 3.11.15 CVE-2025-6075: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables bsc1252974. CVE-2025-11468: header injection when folding a long...
SUSE-SU-2026:1349-1 Security update for python311
This update for python311 fixes the following issues: - Updated to Python 3.11.15 - CVE-2025-6075: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables bsc1252974. - CVE-2025-11468: header injection when folding a...