MGASA-2026-0150 Updated perl-libwww-perl & perl-HTTP-Message packages fix security vulnerabilities
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects...
CVE-2026-32239
A flaw was found in the KJ-HTTP component of Cap’n Proto. When processing HTTP messages, a negative Content-Length value could be implicitly converted to an unsigned integer, resulting in an extremely large length value. An attacker could exploit this behavior by sending specially crafted HTTP...
MAL-2025-48843 Malicious code in http-message-signatures-extension (npm)
EUVD-2018-18299
Malware in sbrugna...
EUVD-2019-5197
Malware in sbrugna...
EUVD-2023-1431
Malicious code in bioql PyPI...
EUVD-2025-29041
Malicious code in bioql PyPI...
EUVD-2022-43522
Malicious code in bioql PyPI...
EUVD-2022-38163
Malicious code in bioql PyPI...
CVE-2025-59058 httpsig-rs's HMAC verification is vulnerable to timing attack
httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version...
PT-2025-37315
Name of the Vulnerable Software and Affected Versions: httpsig-rs versions prior to 0.0.19 Description: httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. The HMAC signature comparison is not timing-safe in versions prior to 0.0.19, potentially allowing an attacker to...
TencentOS Server 2: squid (TSSA-2024:0116)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0116 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
CVE-2024-46316
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message...
CVE-2022-20652
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient inpu...
CVE-2019-13927
A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 All firmware versions V6.00.320, Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules...
CVE-2025-4969 Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c
A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated...
CLSA-2024-1735311613 php: Fix of 2 CVEs
CVE-2023-0567: fix issue causing password_verify function to accept invalid Blowfish hashes as valid - CVE-2023-3247: fix issue with SOAP HTTP Digest Authentication random value generator not checking for failure, leading to disclosure of uninitialized memory and easier guessing of client's nonce...
CVE-2024-46316
DrayTek Vigor3900, firmware 1.5.1.6, contains a command-injection vulnerability in the sub_2C920 function exposed via /cgi-bin/mainfunction.cgi. An attacker can supply a crafted HTTP message to execute arbitrary commands with low privileges and no user interaction, potentially impacting confident...