
5905 matches found

CNNVD
added 2026/05/11 12:0 a.m. | 6 views

EDX Open edX Code Issue Vulnerability

EDX Open edX is an online learning management system developed by the American company EDX. Versions 7.0.2 to 7.0.4 of EDX Open edX have code vulnerabilities. These vulnerabilities stem from the syncproviderdata endpoint in the SAMLProviderDataViewSet, which retrieves the SAML metadata URL from...

8.5 CVSS | 5.9 AI score | 0.00301 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2026/05/06 4:24 p.m. | 6 views

CVE-2026-23870

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel,...

7.5 CVSS | 5.8 AI score | 0.01533 EPSS
Exploits: 1 | References: 1

IBM Security Bulletins
added 2026/05/04 4:7 p.m. | 8 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2026-2332)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-2332 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "fun...

9.1 CVSS | 5.8 AI score | 0.00375 EPSS
Exploits: 1 | Affected Software: 1

CVE
added 2026/05/04 12:42 a.m. | 13 views

CVE-2026-42365

GeoVision GeoVision LPC2011/LPC2211 Web Interface (version 1.10) exposes a session cookie vulnerability that allows authentication bypass through a crafted sequence of HTTP requests and brute-forcing session cookies. The CVE notes a network‑based, low‑complexity exposure with no user interaction ...

8.6 CVSS | 5.8 AI score | 0.00329 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux – Vulnerability in python-urllib3

urllib3 before version 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

6.5 CVSS | 7.4 AI score | 0.02199 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2026/04/29 6:30 p.m. | 15 views

OpenTelemetry.Resources.Azure has an unbounded HTTP response body read

Summary OpenTelemetry.Resources.Azure reads unbounded HTTP response bodies from the Azure VM remote instance metadata service endpoint into memory. This would allow an attacker-controlled endpoint or one acting as a Man-in-the-Middle (MitM) to cause excessive memory allocation and possible process...

5.9 CVSS | 5.5 AI score | 0.00323 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2026/04/28 12:0 a.m. | 7 views

Apache Pony Mail Environment Issue Vulnerability

Apache Pony Mail is a plugin from the Apache Foundation in the United States that includes features for email archiving, viewing, and interaction. Apache Pony Mail has an environmental issue vulnerability, which stems from inconsistent interpretation of HTTP requests, potentially allowing...

9.8 CVSS | 5.8 AI score | 0.00444 EPSS
Exploits: 0 | References: 1

OSV
added 2026/04/24 1:10 p.m. | 5 views

CLSA-2026-1777036238 libsoup: Fix of CVE-2026-5119

CVE-2026-5119: do not send cookies to a HTTP proxy for a HTTPS request...

8.2 CVSS | 5.8 AI score | 0.00254 EPSS
Exploits: 1 | References: 1

EUVD
added 2026/04/23 3:38 p.m. | 4 views

EUVD-2025-209565

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7 CVSS | 5.8 AI score | 0.00233 EPSS
Exploits: 0 | References: 4

CVE
added 2026/04/21 11:49 p.m. | 10 views

CVE-2026-41135

CVE-2026-41135 affects free5GC UDR (PCF) prior to version 1.4.3. The root cause is a faulty router.Use() call inside an HTTP handler that registers a new CORS middleware on every incoming request, causing the Gin router to permanently grow its handler chain. This leads to progressive memory exhau...

7.5 CVSS | 5.7 AI score | 0.00515 EPSS
Exploits: 1 | References: 2 | Affected Software: 2

Snyk
added 2026/04/18 1:25 a.m. | 2 views

Server-side Request Forgery (SSRF)

Overview @nocobase/plugin-workflow-request is a Send HTTP requests to any HTTP service for data interaction in workflow. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the workflow HTTP request and custom request plugins, which make server-side HTTP...

9.6 CVSS | 5.7 AI score | 0.00384 EPSS
Exploits: 1 | References: 2

OSV
added 2026/04/16 1:10 p.m. | 7 views

OPENSUSE-SU-2026:20552-1 Security update for LibVNCServer

This update for LibVNCServer fixes the following issues: - CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service bsc1260431. - CVE-2026-32854: crafted HTTP requests can cause a denial of service bsc1260429...

8.1 CVSS | 5.8 AI score | 0.05322 EPSS
Exploits: 2 | References: 4

Github Security Blog
added 2026/04/14 10:37 p.m. | 6 views

Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access

Summary A Server-Side Request Forgery (SSRF) vulnerability in Kyverno's CEL HTTP library (pkg/cel/libs/http/) allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in...

9.8 CVSS | 6.2 AI score | 0.00705 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2026/04/14 4:16 p.m. | 3 views

CVE-2026-25691

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

6.7 CVSS | 0.00456 EPSS
Exploits: 0 | References: 1

CVE
added 2026/04/14 3:38 p.m. | 11 views

CVE-2024-23104

Technical details (affected products, components, versions, root cause, impact, remediation) are not publicly available in the provided Connected documents. Monitor for updates; update specifics may be added in future disclosures.

5.4 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/14 3:38 p.m. | 24 views

CVE-2026-25691

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

6.7 CVSS | 0.00456 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/14 3:38 p.m. | 0 views

CVE-2026-25691

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

6.7 CVSS | 5.9 AI score | 0.00456 EPSS
Exploits: 0 | References: 1

CVE
added 2026/04/14 3:38 p.m. | 9 views

CVE-2026-22154

CVE-2026-22154 affects Fortinet FortiSOAR PaaS (versions 7.3–7.6.3, with 7.4/7.5/7.6.0–7.6.3 explicitly listed) and FortiSOAR on-premise (same version ranges) where improper neutralization of input during web page generation enables an authenticated remote attacker to perform a stored XSS attack ...

5.4 CVSS | 5.2 AI score | 0.00221 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/04/14 3:38 p.m. | 1 views

CVE-2026-22154

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3,...

4.6 CVSS | 5.2 AI score | 0.00221 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/04/14 12:0 a.m. | 8 views

Fortinet FortiSandbox Cross-Site Scripting Vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, a real-time control panel, and reporting capabilities. Versions of Fortinet...

5.4 CVSS | 5.8 AI score | 0.00275 EPSS
Exploits: 0 | References: 1