Lucene search

3681 matches found

ATTACKERKB
added 2026/05/25 2:00 p.m., 6 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

CVSS 6.8 | AI score 5.9 | EPSS 0.00033
Exploits 1 | References 5
Tenable Nessus
added 2026/05/22 12:00 a.m., 7 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016730)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016730 advisory. Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to...

CVSS 6.5 | AI score 6.9 | EPSS 0.00381
Exploits 0 | References 4
RedHat Linux
added 2026/05/19 6:30 p.m., 10 views

Important: Red Hat Security Advisory: python3.14 security update

An update for python3.14 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 9.1 | AI score 7.5 | EPSS 0.0017
Exploits 0 | References 10
RedHat Linux
added 2026/05/19 6:30 p.m., 8 views

python: Python: HTTP header injection via CR/LF in proxy tunnel headers

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields...

CVSS 5.7 | AI score 7.2 | EPSS 0.00023
Exploits 0 | References 8
OSV
added 2026/05/19 12:00 a.m., 11 views

ALSA-2026:19019 Important: python3.14 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 9.1 | AI score 7.5 | EPSS 0.0017
Exploits 0 | References 20
AlmaLinux
added 2026/05/19 12:00 a.m., 13 views

Important: python3.14 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 9.1 | AI score 7.5 | EPSS 0.0017
Exploits 0 | References 20
OSV
added 2026/05/19 12:00 a.m., 16 views

ALSA-2026:19064 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 9.1 | AI score 7.1 | EPSS 0.00205
Exploits 1 | References 26
Tenable Nessus
added 2026/05/19 12:00 a.m., 8 views

RHEL 10 : python3.12 (RHSA-2026:19064)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19064 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 9.1 | AI score 7.1 | EPSS 0.00205
Exploits 1 | References 26
IBM Security Bulletins
added 2026/05/18 11:41 a.m., 11 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of netty-handler-proxy

Summary: Due to use of netty-handler-proxy, DevOps Test Performance and Rational Performance Tester contain a potential header injection vulnerability. Vulnerability Details: CVEID: CVE-2026-42578. DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Fina...

CVSS 7.5 | AI score 5.9 | EPSS 0.0001
Exploits 1 | Affected Software 1
OSV
added 2026/05/18 8:56 a.m., 41 views

BIT-TOMCAT-2020-1935

In Apache Tomcat 9.0.0 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy...

CVSS 5.8 | AI score 7 | EPSS 0.01382
Exploits 0 | References 20
OSV
added 2026/05/17 9:09 a.m., 2 views

SUSE-SU-2026:21803-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issue: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260264)...

CVSS 9.1 | AI score 6.7 | EPSS 0.0002
Exploits 1 | References 3
OSV
added 2026/05/17 9:09 a.m., 1 view

OPENSUSE-SU-2026:20761-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issue: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260264)...

CVSS 9.1 | AI score 7.2 | EPSS 0.0002
Exploits 1 | References 2
Vulnrichment
added 2026/05/13 6:06 p.m., 4 views

CVE-2026-42582 Netty: HTTP/3 QPACK literal unbounded allocation

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder.decodeHuffmanEncodedLiteral may execute new byte[length] for a string literal before verifying that length byt...

CVSS 7.5 | AI score 5.8 | EPSS 0.00017
Exploits 1 | References 1
CVE
added 2026/05/13 5:57 p.m., 13 views

CVE-2026-42578

Netty CVE-2026-42578 affects HttpProxyHandler prior to 4.2.13.Final and 4.1.133.Final. The issue arises because HttpProxyHandler builds CONNECT requests with header validation disabled (newInitialMessage uses DefaultHttpHeadersFactory.headersFactory().withValidation(false) and then appends user-p...

CVSS 7.5 | AI score 5.9 | EPSS 0.0001
Exploits 1 | References 1 | Affected Software 1
CVE
added 2026/05/11 9:30 a.m., 6 views

CVE-2025-8154

CVE-2025-8154 describes an HTTP header injection vulnerability in the Webhook API invocations causing headers to be injected/overwritten in responses. Affected products include multiple WSO2 offerings (e.g., API Manager, Universal Gateway, Traffic Manager, API Control Plane, Carbon API Gateway/Ma...

CVSS 7.5 | AI score 5.8 | EPSS 0.00055
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/05/11 9:30 a.m., 6 views

CVE-2025-8154 HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...

CVSS 5.3 | AI score 5.8 | EPSS 0.00055
Exploits 0 | References 1
Positive Technologies
added 2026/05/11 12:00 a.m., 5 views

PT-2026-39727

Name of the Vulnerable Software and Affected Versions: cowlib versions 2.9.0 and later. Description: Improper Neutralization of CRLF Sequences (CRLF Injection) occurs when the cow_cookie:cookie/1 function builds a client-side Cookie request header from name-value pairs without validating the fields. A...

CVSS 3.2 | AI score 5.9 | EPSS 0.00022
Exploits 0 | References 9
Tenable Nessus
added 2026/05/11 12:00 a.m., 5 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017793)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017793 advisory. Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding : chunked" line, which leads to HTTP request smuggling...

CVSS 7.5 | AI score 6.8 | EPSS 0.15334
Exploits 1 | References 4
Tenable Nessus
added 2026/05/11 12:00 a.m., 5 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017492 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the...

CVSS 7.5 | AI score 7.1 | EPSS 0.00275
Exploits 0 | References 4
Tenable Nessus
added 2026/05/11 12:00 a.m., 6 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017791)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017791 advisory. HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or...

CVSS 9.1 | AI score 5.8 | EPSS 0.1832
Exploits 1 | References 4