Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1578)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1578 advisory. A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs,...

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2026-1568)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1568 advisory. A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the...

Important: python3.9

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1576)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1576 advisory. A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs,...

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1577)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1577 advisory. A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs,...

Apache SkyWalking MCP 安全漏洞

Apache SkyWalking MCP is a distributed system-oriented observability data management and processing component developed by the Apache Foundation. Version 0.1.0 of Apache SkyWalking MCP contains a security vulnerability, which stems from server-side request forgery in the SW-URL header...

Important: nginx

Issue Overview: When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the...

Medium: rust

Issue Overview: A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availabilit...

RHEL 9 : nodejs:20 (RHSA-2026:7896)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7896 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

Linux Distros Unpatched Vulnerability : CVE-2026-31416

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfnetlinklog: account for netlink header size This is a followup to an old bug fix: NLMSGDONE needs to account for the netlink header size, not just...

RHEL 10 : nodejs24 (RHSA-2026:7675)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7675 advisory. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an...

PT-2026-32512

Apache SkyWalking CVE-2025-54057: Stored XSS https://t.co/U4ZzTJS7iT CVE-2026-34476: SSRF via SW-URL Header in MCP Server https://t.co/zPXOQv1Xff CVE-2026-34884: SSRF via set skywalking url Tool and GraphQL Expression Injection in MCP Server https://t.co/5H4PWKYENG...

CVE-2026-31416

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: account for netlink header size This is a followup to an old bug fix: NLMSGDONE needs to account for the netlink header size, not just the attribute size. This can result in a WARN splat + drop of the...

Important: nodejs20

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

ALSA-2026:7675 Important: nodejs24 security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Important: credentials-fetcher

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

Exploit for Server-Side Request Forgery in Vercel Next.Js

CVE-2024-34351 Demo Minimal Next.js 14.0.0 application for de...

RLSA-2026:7080 Important: nodejs22 security update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

RockyLinux 10 : nodejs22 (RLSA-2026:7080)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7080 advisory. brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...

Updated python-django packages fix security vulnerabilities

ASGI header spoofing via underscore/hyphen conflation. CVE-2026-3902 Privilege abuse in GenericInlineModelAdmin. CVE-2026-4277 Privilege abuse in ModelAdmin.listeditable. CVE-2026-4292 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload. CVE-2026-33033...