25 matches found
CVE-2026-61427
PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...
GHSA-84XM-R438-86PX Envoy: HTTP - filter chain execution on reset streams causing UAF crash
Note: This vulnerability was originally reported to the Google OSS VRP Issue ID: 477542544. The Google Security Team requested that I coordinate directly with the Envoy maintainers for triage and remediation. I am submitting this report here to facilitate that process. Technical Details I have...
php:7.4 security update
libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php 7.4.33-3 - Fix Heap-Use-After-Free in sapireadpostdata Processing in CLI SAPI Interface GHSA-4w77-75f9-2c8w - Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 - Fix Single byte overread wit...
RLSA-2025:7431 Moderate: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 php: Streams HTTP wrapper...
php security update
An update is available for php. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...
php: Header parser of http stream wrapper does not handle folded headers
A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...
php: Header parser of http stream wrapper does not handle folded headers
A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...
Moderate: Red Hat Security Advisory: php security update
An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
ALSA-2025:7431 Moderate: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 php: Streams HTTP wrapper...
ALSA-2025:7418 Important: php:8.3 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 php: Streams HTTP wrapper...
ALSA-2025:7432 Moderate: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...
AlmaLinux 9 : php:8.1 (ALSA-2025:4263)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:4263 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decod...
php: Header parser of http stream wrapper does not handle folded headers
A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...
Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-936)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-936 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used t...
Stream HTTP wrapper truncates redirect location to 1024 bytes
...
Important: php8.3
Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 https://www.tenable.com/cve/CVE-2024-11235 Version This vulnerability is present only in PHP 8.3+. The PHP 8.2 and versions before are not impacted. CVE-2024-11235 Header parser of http stream wrapper doe...
Medium: php8.1
Issue Overview: Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1219...
Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-916)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-916 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used t...
Important: php8.3
Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 https://www.tenable.com/cve/CVE-2024-11235 Version This vulnerability is present only in PHP 8.3+. The PHP 8.2 and versions before are not impacted. CVE-2024-11235 Header parser of http stream wrapper doe...
Security update for php8
This update for php8 fixes the following issues: CVE-2024-11235: Fixed reference counting in phprequestshutdown causing Use-After-Free bsc1239666 CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers bsc1239664 CVE-2025-1219: Fixed libxml streams using wrong...