12667 matches found
CVE-2026-46579
OpenShift Router flaw: when Route.insecureEdgeTerminationPolicy is Allow, the HTTP frontend does not strip X-SSL-Client-* headers, enabling an unauthenticated attacker to craft requests that bypass mutual TLS authentication by impersonating client certificate identities. Affected component: OpenS...
Red Hat OpenShift Container Platform 授权问题漏洞
Red Hat OpenShift Container Platform is a platform developed by Red Hat Inc. It helps enterprises develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. There is an authorization vulnerability in Red Hat OpenShift Container...
PT-2026-45023
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM exposes process-wide observability builtins when they are permitted via require.builtin. Specifically, the diagnostics channel, async hooks, and perf hooks modules are not included in the dangero...
n8n-MCP 访问控制错误漏洞
n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.51.2 contained an access control vulnerability. This vulnerability arises when multi-tenant mode is enabled, and headers are omitted or only partially provided duri...
📄 Apache HTTP Server 2.4.66 Denial of Service
Apache HTTP Server version 2.4.66 modhttp2 double-free denial of service proof of concept exploit. Exploit Title: Apache HTTP Server 2.4.66 - 'modhttp2' Double-Free Denial of Service Google Dork: intext:"Apache/2.4.66" "HTTP/2" Date: 2026-05-06 Exploit Author: xeloxa https://github.com/xeloxa/...
PT-2026-44799
Name of the Vulnerable Software and Affected Versions OpenShift Router affected versions not specified Description A flaw in the HTTP frontend occurs when a Route has the insecureEdgeTerminationPolicy set to Allow. In this configuration, the router fails to remove X-SSL-Client- headers from...
CVE-2026-44883 Portainer: JWT accepted in URL query leaks tokens to logs and referers
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...
EUVD-2026-33059
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...
HTTP Response Splitting
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the serialize function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the sameSite or priority...
USN-8343-1: multipart vulnerability
It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...
USN-8343-1 multipart vulnerability
It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...
GHSA-Q8CJ-789H-VG24 OpenBao's Inline Auth Incorrectly Redacted Headers
Impact OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source...
OpenBao's Inline Auth Incorrectly Redacted Headers
Impact OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source...
CVE-2026-42585
A flaw was found in Netty. This vulnerability allows a remote attacker to perform request smuggling attacks due to incorrect parsing of malformed Transfer-Encoding headers. By exploiting this flaw, an attacker can bypass security controls and potentially access sensitive information or manipulate...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...
GHSA-5WRP-CWCJ-Q835 opentelemetry-go's baggage parsing no longer caps raw header length
Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...
opentelemetry-go's baggage parsing no longer caps raw header length
Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...
web-vulnerability-scanner
web-vulnerability-scanner A P...