3681 matches found
libsoup 环境问题漏洞
Libsoup is a GNOME project’s HTTP client/server library. Libsoup has an environmental issue vulnerability, which stems from the HTTP/1 header parsing logic having request embedding. The soupmessageheaders.AppendCommon function appends header values without verification of duplicate or conflicting...
Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...
OSV-2026-610 Memcpy-param-overlap in htx_replace_blk_value
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504612570 Crash type: Memcpy-param-overlap Crash state: htxreplaceblkvalue httpreplaceheadervalue httpschemebasednormalize...
PT-2026-34624
Name of the Vulnerable Software and Affected Versions i18next-http-middleware versions prior to 3.9.3 Description The software writes user-controlled language values into the 'Content-Language' response header using an HTML-entity encoder that fails to strip carriage return, line feed, or other...
SUSE-SU-2026:1395-1 Security update for azure-storage-azcopy
This update for azure-storage-azcopy fixes the following issues: - CVE-2026-33186: Authorization bypass in grpc-go due to improper validation of the HTTP/2 :path pseudo-header bsc1260307...
CVE-2026-22618
A security misconfiguration was identified in Eaton Intelligent Power Protector IPP, where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...
CVE-2026-22618
CVE-2026-22618 concerns Eaton Intelligent Power Protector (IPP). The issue is a misconfiguration where an HTTP response header was set with an insecure attribute, potentially enabling web-based attacks. Affected software/functionality is IPP; underlying cause is the insecure header configuration ...
nodejs:20 security update
An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 8 : nodejs:20 (RHSA-2026:8339)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8339 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
RockyLinux 8 : nodejs:20 (RLSA-2026:8339)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8339 advisory. minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophic...
RLSA-2026:7675 Important: nodejs24 security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
RockyLinux 10 : nodejs24 (RLSA-2026:7675)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7675 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...
ALSA-2026:8339 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...
Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...
nodejs:24 security update
An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 8 : nodejs:24 (RHSA-2026:7670)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7670 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
ALSA-2026:7670 Important: nodejs:24 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici:...
Important: python3.9
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
RHEL 10 : nodejs24 (RHSA-2026:7675)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7675 advisory. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an...
ALSA-2026:7675 Important: nodejs24 security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...