34119 matches found

RedhatCVE
added 2026/04/03 9:1 p.m., 3 views

CVE-2026-26962

A flaw was found in Rack, a modular Ruby web server interface. Rack::Multipart::Parser incorrectly processes folded multipart part headers, failing to remove embedded carriage return and line feed (CRLF) characters. This can lead to applications that reuse these parsed values in HTTP response heade...

6.5 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits 0, References 4

RedhatCVE
added 2026/04/03 8:51 p.m., 2 views

CVE-2026-34826

A flaw was found in Rack. A remote attacker can exploit this by sending a specially crafted HTTP Range header containing numerous small, overlapping byte ranges. This can cause disproportionate consumption of CPU, memory, I/O, and bandwidth resources. The result is a Denial of Service (DoS) conditi...

7.5 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 0, References 4

RedhatCVE
added 2026/04/03 8:39 p.m., 2 views

CVE-2026-34831

A flaw was found in Rack. A remote attacker can exploit this vulnerability by requesting a non-existent path containing percent-encoded UTF-8 characters. This causes Rack::Files#fail to incorrectly calculate the Content-Length header, using String#size instead of String#bytesize for multibyte...

6.5 CVSS, 5.8 AI score, 0.00043 EPSS
Exploits 0, References 4

CVE
added 2026/04/03 8:27 p.m., 8 views

CVE-2026-22664

The CVE-2026-22664 issue affects prompts.chat with an SSRF in Fal.ai media status polling prior to commit 30a8f04. Authenticated users can supply attacker-controlled URLs in the token parameter to trigger arbitrary outbound requests, potentially exposing the FAL_API_KEY in the Authorization heade...

7.7 CVSS, 6 AI score, 0.0004 EPSS
Exploits 1, References 3, Affected Software 1

ATTACKERKB
added 2026/04/03 8:27 p.m., 0 views

CVE-2026-22664

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

7.7 CVSS, 5.9 AI score, 0.0004 EPSS
Exploits 1, References 4

RedhatCVE
added 2026/04/03 8:16 p.m., 2 views

CVE-2026-32762

A flaw was found in Rack, a modular Ruby web server interface. This vulnerability arises from improper parsing of the RFC 7239 Forwarded header, where semicolons within quoted values are incorrectly interpreted as delimiters. An attacker can exploit this by crafting a malicious Forwarded header,...

6.5 CVSS, 5.8 AI score, 0.0005 EPSS
Exploits 0, References 4

RedhatCVE
added 2026/04/03 7:56 p.m., 0 views

CVE-2026-34835

A flaw was found in Rack. A remote attacker could exploit this by sending a specially crafted Host header containing characters not permitted in standard hostnames. This malformed header bypasses hostname validation in applications using Rack::Request, leading to host header poisoning. This can...

6.5 CVSS, 5.8 AI score, 0.00131 EPSS
Exploits 1, References 4

EUVD
added 2026/04/03 6:31 p.m., 2 views

EUVD-2026-18807

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local...

6.3 CVSS, 7 AI score, 0.00021 EPSS
Exploits 0, References 6

EUVD
added 2026/04/03 6:31 p.m., 2 views

EUVD-2026-18702

In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse(). bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hierarchy top. Add new "const struct net_device *dev" parameter t...

5.7 AI score, 0.00062 EPSS
Exploits 0, References 5

NVD
added 2026/04/03 5:16 p.m., 2 views

CVE-2026-5474

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local...

8.8 CVSS, 0.00021 EPSS
Exploits 0, References 5

ATTACKERKB
added 2026/04/03 5:15 p.m., 1 views

CVE-2026-5475

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but...

5.5 CVSS, 5.7 AI score, 0.00038 EPSS
Exploits 0, References 6, Affected Software 1

CVE
added 2026/04/03 5:15 p.m., 6 views

CVE-2026-5475

NASA cFS up to 7.0.0 contains a memory corruption vulnerability in the CCSDS Header Size Handler. The affected function is CFE_SB_TransmitMsg in cfe_sb_priv.c, within the CCSDS Header Size Handler component. The issue is triggered by a manipulation of input leading to memory corruption. The CVE e...

5.5 CVSS, 6 AI score, 0.00038 EPSS
Exploits 0, References 5, Affected Software 1

Cvelist
added 2026/04/03 5:15 p.m., 22 views

CVE-2026-5475 NASA cFS CCSDS Header Size cfe_sb_priv.c CFE_SB_TransmitMsg memory corruption

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but...

5.5 CVSS, 0.00038 EPSS
Exploits 0, References 5

Vulnrichment
added 2026/04/03 5:15 p.m., 2 views

CVE-2026-5475 NASA cFS CCSDS Header Size cfe_sb_priv.c CFE_SB_TransmitMsg memory corruption

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but...

5.5 CVSS, 6 AI score, 0.00038 EPSS
Exploits 0, References 5

ATTACKERKB
added 2026/04/03 5:0 p.m., 1 views

CVE-2026-5474

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local...

6.3 CVSS, 6.2 AI score, 0.00021 EPSS
Exploits 0, References 6, Affected Software 1

Vulnrichment
added 2026/04/03 5:0 p.m., 3 views

CVE-2026-5474 NASA cFS CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local...

6.3 CVSS, 7 AI score, 0.00021 EPSS
Exploits 0, References 5

CVE
added 2026/04/03 5:0 p.m., 6 views

CVE-2026-5474

CVE-2026-5474 affects NASA cFS up to 7.0.0. The vulnerability is in CFE_MSG_GetSize (file apps/to_lab/fsw/src/to_lab_passthru_encode.c, CCSDS Packet Header Handler) and results in a heap-based buffer overflow when manipulated. Exploitation requires local network access. Multiple sources (NVD, Red...

8.8 CVSS, 7 AI score, 0.00021 EPSS
Exploits 0, References 5, Affected Software 1

RedhatCVE
added 2026/04/03 4:59 p.m., 2 views

CVE-2026-34083

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirect_uri. Because the redirectU...

6.1 CVSS, 5.9 AI score, 0.00026 EPSS
Exploits 1, References 1

NVD
added 2026/04/03 4:16 p.m., 2 views

CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp(). sip_help_tcp() parses the SIP Content-Length header with simple_strtoul(), which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

8.6 CVSS, 0.00112 EPSS
Exploits 0, References 8

UbuntuCve
added 2026/04/03 4:16 p.m., 1 views

CVE-2026-23451

In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse(). bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hierarchy top. Add new "const struct net_device *dev" parameter t...

7.5 CVSS, 5.7 AI score, 0.00062 EPSS
Exploits 0, References 6