
3708 matches found

Cvelist
added 2026/01/19 9:1 p.m. | 16 views

CVE-2026-23886 Swift W3C TraceContext has malformed HTTP header that can cause a crash

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...

CVSS 5.3 | EPSS 0.00392 | Exploits 0 | References 4

OSV
added 2026/01/19 9:1 p.m. | 5 views

CVE-2026-23886 Swift W3C TraceContext has malformed HTTP header that can cause a crash

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...

CVSS 5.3 | AI score 5.7 | EPSS 0.00392 | Exploits 0 | References 6

OSV
added 2026/01/19 11:45 a.m. | 1 view

SUSE-SU-2026:20360-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-14523: flaw in HTTP header handling can lead to host header parsing discrepancy between servers and proxies and allow for request smuggling, cache poisoning and bypass of access controls bsc1254876. - CVE-2025-12105: heap use-after-fr...

CVSS 8.6 | AI score 5.8 | EPSS 0.00557 | Exploits 0 | References 9

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 3 : php-5.1.6-43.0.1.AXS3 (AXSA:2014-315:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-315:01 advisory. PHP is an HTML-embedded scripting language that allows developers to write dynamically generated web pages. PHP is ideal for writing database-enabled...

CVSS 10 | AI score 7.4 | EPSS 0.34826 | Exploits 9 | References 5

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.151-1.b12.el7 (AXSA:2017-2339:07)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2339:07 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...

CVSS 9.6 | AI score 6.8 | EPSS 0.16181 | Exploits 2 | References 15

Tenable Nessus
added 2026/01/14 12:0 a.m. | 5 views

MiracleLinux 4 : firefox-3.6.24-3.0.1.AXS4, xulrunner-1.9.2.24-2.1.0.1.AXS4 (AXSA:2012-81:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-81:01 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this release...

CVSS 10 | AI score 9.2 | EPSS 0.05368 | Exploits 2 | References 9

Tenable Nessus
added 2026/01/14 12:0 a.m. | 5 views

MiracleLinux 3 : perl-5.8.8-32.6.0.1.AXS3 (AXSA:2011-563:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-563:02 advisory. Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is...

CVSS 7.5 | AI score 8.1 | EPSS 0.13526 | Exploits 0 | References 4

Veracode
added 2026/01/13 8:0 a.m. | 6 views

Sensitive Information Disclosure

Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...

CVSS 5 | AI score 6.8 | EPSS 0.00287 | Exploits 0 | References 3 | Affected Software 12

Tenable Nessus
added 2026/01/13 12:0 a.m. | 4 views

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2025-9858:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9858:01 advisory. golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints CVE-2024-45341 golang: net/http: net/http: sensitive header...

CVSS 6.1 | AI score 6.6 | EPSS 0.0062 | Exploits 0 | References 3

Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 7 : php-5.4.16-48.0.6.el7.AXS7 (AXSA:2025-10014:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10014:03 advisory. CVE-2025-1217: fix handling of folded headers by the http stream parser CVE-2025-1734: fix validation of http headers with missing colon...

CVSS 9.8 | AI score 6.4 | EPSS 0.00744 | Exploits 1 | References 4

OSV
added 2026/01/12 12:3 p.m. | 3 views

SUSE-SU-2026:20053-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-14523: flaw in HTTP header handling can lead to host header parsing discrepancy between servers and proxies and allow for request smuggling, cache poisoning and bypass of access controls bsc1254876...

CVSS 8.2 | AI score 5.8 | EPSS 0.00496 | Exploits 0 | References 3

OSV
added 2026/01/09 2:5 p.m. | 5 views

OESA-2026-1018 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a...

CVSS 7.5 | AI score 6.7 | EPSS 0.00371 | Exploits 0 | References 2

RedhatCVE
added 2026/01/09 12:37 p.m. | 3 views

CVE-2023-49564

The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid...

CVSS 8.8 | AI score 7.2 | EPSS 0.00415 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 11:29 a.m. | 14 views

CVE-2021-27404

Askey RTF8115VW BRSVg11.11RTFTEF001V6.54V014 devices allow injection of a Host HTTP header...

CVSS 6.1 | AI score 7.3 | EPSS 0.0087 | Exploits 1 | References 1

RedhatCVE
added 2026/01/09 11:10 a.m. | 5 views

CVE-2016-10990

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header...

CVSS 6.1 | AI score 6 | EPSS 0.01418 | Exploits 2 | References 1

RedhatCVE
added 2026/01/09 10:50 a.m. | 5 views

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

CVSS 6.1 | AI score 6.3 | EPSS 0.00512 | Exploits 1 | References 1

RedhatCVE
added 2026/01/09 10:6 a.m. | 8 views

CVE-2019-20866

An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled...

CVSS 5.3 | AI score 6.7 | EPSS 0.0092 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 10:0 a.m. | 5 views

CVE-2020-7996

htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...

CVSS 6.1 | AI score 5.8 | EPSS 0.01152 | Exploits 1 | References 1

RedhatCVE
added 2026/01/09 9:53 a.m. | 5 views

CVE-2020-10376

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header...

CVSS 9.8 | AI score 7.2 | EPSS 0.01064 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:29 a.m. | 4 views

CVE-2023-50963

IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS 6.5 | AI score 6.4 | EPSS 0.0033 | Exploits 0 | References 1