Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)

An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available RHBQ 3.33.1.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

CVE-2026-38967

CVE-2026-38967 affects CrowCpp Crow through v1.3.1 HTTP and is caused by unvalidated response header values, leading to response header injection. The vulnerability has a CVSS v3.1 score of 9.8 (CRITICAL) with network attack vector, no user interaction, and impacts on confidentiality, integrity, ...

jmc security update

An update is available for jmc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced s...

RHCOS 4 : OpenShift Container Platform 4.12.78 (RHSA-2025:10271)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10271 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

RHCOS 4 : OpenShift Container Platform 4.15.55 (RHSA-2025:11352)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:11352 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

RHCOS 4 : OpenShift Container Platform 4.17.35 (RHSA-2025:10295)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10295 advisory. - podman: podman missing TLS verification CVE-2025-6032 - net/http: Request smuggling due to acceptance of invalid chunked data in...

RHCOS 4 / 8 : OpenShift Container Platform 4.11.0 (RHSA-2022:5068)

The remote Red Hat Enterprise Linux CoreOS 4 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5068 advisory. - golang.org/x/crypto: empty plaintext packet causes panic CVE-2021-43565 - golang: net/http: improper sanitization of...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2025-11143)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-11143 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differentia...

CVE-2026-23486

creationtimestamp| type| source ---|---|--- 2026-04-28 00:08:54+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-23486.yaml 2026-04-28 21:03:04+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mklibctkvh2z...

CVE-2026-34274

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007098 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

BIT-NODE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

MGASA-2026-0081 Updated thunderbird packages fix security vulnerabilities

Denial-of-service in the XML component. CVE-2025-59375 Spoofing issue in Thunderbird. CVE-2026-3889 Race condition, use-after-free in the Graphics: WebRender component. CVE-2026-4684 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4685 Incorrect boundary conditions in...

OPENSUSE-SU-2026:20301-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: - Update to version 1.25.7 jscSLE-18320 - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821 - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain bsc1256820 ...

Exploit for Improper Access Control in Oracle Http_Server

CVE-2026-21962 Concurrent WebLogic Scanner/Exploiter High-per...

CVE-2024-3231

creationtimestamp| type| source ---|---|--- 2026-02-08 10:45:23+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-3231.yaml 2026-02-11 21:03:07+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3memet7yse324...

CVE-2023-3197

creationtimestamp| type| source ---|---|--- 2026-02-06 14:56:54+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-3197.yaml...

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1401)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1401 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

CLEANSTART-2026-IA37596 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the consul-k8s-fips package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...