872 matches found
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
ALSA-2026:19019 Important: python3.14 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
ALSA-2026:19064 Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
RHEL 10 : python3.12 (RHSA-2026:19064)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19064 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Important: python3.14 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVE-2026-42578
Netty CVE-2026-42578 affects HttpProxyHandler prior to 4.2.13.Final and 4.1.133.Final. The issue arises because HttpProxyHandler builds CONNECT requests with header validation disabled (newInitialMessage uses DefaultHttpHeadersFactory.headersFactory().withValidation(false) and then appends user-p...
CVE-2025-8154
CVE-2025-8154 describes an HTTP header injection vulnerability in the Webhook API invocations causing headers to be injected/overwritten in responses. Affected products include multiple WSO2 offerings (e.g., API Manager, Universal Gateway, Traffic Manager, API Control Plane, Carbon API Gateway/Ma...
CVE-2025-8154 HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation
In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...
GHSA-45Q3-82M4-75JR Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
Security Vulnerability Report: HTTP Header Injection via HttpProxyHandler Disabled Validation in Netty 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions | | Component | io.netty.handler.proxy.HttpProxyHandler | |...
python: Python: HTTP header injection via CR/LF in proxy tunnel headers
A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...
CVE-2026-42035
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type...
PT-2026-34624
Name of the Vulnerable Software and Affected Versions i18next-http-middleware versions prior to 3.9.3 Description The software writes user-controlled language values into the 'Content-Language' response header using an HTML-entity encoder that fails to strip carriage return, line feed, or other...
RLSA-2026:7675 Important: nodejs24 security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
RockyLinux 10 : nodejs24 (RLSA-2026:7675)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7675 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...
nodejs:24 security update
An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 10 : nodejs24 (RHSA-2026:7675)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7675 advisory. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an...
RHEL 8 : nodejs:24 (RHSA-2026:7670)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7670 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
Important: python3.9
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
ALSA-2026:7670 Important: nodejs:24 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici:...
ALSA-2026:7675 Important: nodejs24 security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...