PT-2026-30200

Name of the Vulnerable Software and Affected Versions NASA cFS versions up to 7.0.0 Description A flaw exists in NASA cFS up to version 7.0.0 within the CCSDS Packet Header Handler component. Specifically, the CFE MSG GetSize function in the file apps/to lab/fsw/src/to lab passthru encode.c is...

PT-2026-30146

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw in the bond header parse function. This function could enter an infinite loop when processing a stack of two bonding devices because skb-dev always...

Core Flight System 安全漏洞

Core Flight System cFS is a generic flight software architecture framework open source by NASA. It is used for flagship spacecraft, manned spacecraft, cube satellites, and Raspberry Pi devices. Versions of Core Flight System 7.0.0 and earlier contain security vulnerabilities. These vulnerabilitie...

PT-2026-30201

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE SB TransmitMsg of the file cfe sb priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report...

PT-2026-30151

Name of the Vulnerable Software and Affected Versions The Linux kernel affected versions not specified Description A flaw exists in the sip help tcp function within the netfilter module. This function parses the SIP Content-Length header using simple strtoul, which returns an unsigned long, but...

Linux Distros Unpatched Vulnerability : CVE-2026-34520

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser the default for most installs accepted nul...

PT-2026-29970

Shynet before 0.14.0 allows Host header injection in the password reset flow...

shynet 安全漏洞

Shynet is a self-hosted website analysis tool developed by R. Miles McCain. Versions of Shynet prior to 0.14.0 contained security vulnerabilities, which were caused by a header injection vulnerability in the password reset process...

Linux Distros Unpatched Vulnerability : CVE-2026-34518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp...

Linux Distros Unpatched Vulnerability : CVE-2026-34514

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Undertow vulnerability (USN-8144-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8144-1 advisory. It was discovered that Undertow incorrectly validated the Host header in incoming HTTP requests. A remote attacker...

Ubuntu: Security Advisory (USN-8144-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

aioHTTP < 3.13.4 Multiple Vulnerabilities (CVE-2026-22815)

The version of aioHTTP installed on the remote host is prior to 3.13.4. It is, therefore, affected by a request smuggling vulnerability: - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling...

Linux Distros Unpatched Vulnerability : CVE-2026-23403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: fix memory leak in verifyheader The function sets ns = NULL on every call, leaking the namespace string allocated in previous iterations when multiple...

PT-2026-29997

Impact Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

PT-2026-30280

Summary fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. ---...

Linux Distros Unpatched Vulnerability : CVE-2026-34519

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when...

Linux Distros Unpatched Vulnerability : CVE-2026-34525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This iss...

SUSE CVE-2026-34514

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

SUSE CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...