16517 matches found
AZL-76736 CVE-2026-1801 affecting package libsoup 3.0.4-12
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...
CVE-2026-1801
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...
EUVD-2026-5176
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...
CVE-2026-1801
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...
Security update for python-h2 (moderate)
openSUSE security update: security update for python-h2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20122-1 Rating: moderate References: bsc1248737 Cross-References: CVE-2025-57804 CVSS scores: CVE-2025-57804 SUSE : 5.3...
CVE-2026-1760
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...
CVE-2026-1760
CVE-2026-1760 – SoupServer HTTP request smuggling . A flaw in SoupServer allows a remote unauthenticated attacker to smuggle additional requests over a persistent connection by exploiting combined Transfer-Encoding: chunked and Connection: keep-alive handling, potentially causing DoS. The vulnera...
CVE-2025-63651
A use-after-free in the mkstringcharsearch function mkcore/mkstring.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
CVE-2025-63650
An out-of-bounds read in the mkptrtobuf in mkcore function mkmemory.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
CVE-2025-63653
An out-of-bounds read in the mkvhostfdtclose function mkserver/mkvhost.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-58056...
EUVD-2025-206528
A use-after-free in the mkstringcharsearch function mkcore/mkstring.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
CVE-2025-63653
Affects mk_server/mk_vhost.c, function mk_vhost_fdt_close, in monkey commit f37e984. This out-of-bounds read can be triggered by a crafted HTTP request to cause a Denial of Service. Public documents do not provide a confirmed fixed version or patch details; exploitation status is not described be...
CVE-2025-63651
A use-after-free in the mkstringcharsearch function mkcore/mkstring.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
PT-2026-5339
Name of the Vulnerable Software and Affected Versions Monkey affected versions not specified Description A use-after-free issue exists in the mk http request end function located in mk server/mk http.c. This flaw allows attackers to potentially cause a Denial of Service DoS by sending a specially...
CVE-2025-63650
An out-of-bounds read in the mkptrtobuf in mkcore function mkmemory.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
EUVD-2025-206527
A use-after-free in the mkhttprequestend function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
CVE-2025-63650
An out-of-bounds read in the mkptrtobuf in mkcore function mkmemory.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
OPENSUSE-SU-2026:20122-1 Security update for python-h2
This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737...
GHSA-H25M-26QC-WCJF Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP...