CVE-2026-7853

A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /autoreboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made...

org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +3 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core (=2.0.0-milestone-01)

org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core and may be impacted: -...

org.eclipse.digitaltwin.basyx:basyx.submodelservice.component (=2.0.0-milestone-01) potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelservice-http (=2.0.0-milestone-01)

org.eclipse.digitaltwin.basyx:basyx.submodelservice-http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelservice-http and may be impacted: -...

GHSA-FJ4G-2P96-Q6M3 Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls

Security Advisory: Missing Authentication for Critical Function in Jovancoding/Network-AI | Field | Value | |---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Affected commit | c344f2053eb0d49395988f803bf92f2a86b2a0d0 | | Affected tested...

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Apache Software Foundation ASF has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution RCE. The vulnerability, tracked as CVE-2026-23918 CVSS score: 8.8, has been...

K000161120: HTTP/2 vulnerability CVE-2025-8671

Security Advisory Description A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service DoS. By opening streams and th...

Security Bulletin: IBM Quantum Safe Remediator is affected by multiple vulnerabilities

Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the libraries versions. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a...

ALPINE-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

Exploit for Double Free in Apache Http_Server

Apache HTTP Server: http2: Double Free and possible RCE on e...

SUSE-SU-2026:21490-1 Security update for containerd

This update for containerd fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header bsc1260296...

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to direct property access of configuration fields in the HTTP adapter e.g., config.auth, config.baseURL, config.socketPath, config.beforeRedirect, config.insecureHTTPParser without hasOwnProperty checks, allowing polluted...

CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-29168

CVE-2026-29168 affects Apache HTTP Server’s mod_md and is due to an Allocation of Resources Without Limits or Throttling via OCSP response data. Affected are Apache httpd versions 2.4.30 through 2.4.66; upgrading to 2.4.67 fixes the issue. The vulnerability description consistently notes this as ...

Exploit for Double Free in Apache Http_Server

CVE-2026-23918-test This repository contains a Proof of Concep...

Exploit for Double Free in Apache Http_Server

☣️ CVE-2026-23918-Elite-Auditor ☣️ Professional Intelligenc...

CVE-2026-43870

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

BIT-APACHE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

BIT-APACHE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

BIT-APACHE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...