CVE-2026-9422 KLiK SocialMediaWebsite HTTP POST Request Parameter injection

A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2026-9420

CVE-2026-9420 affects KLiK SocialMediaWebsite 1.0 and is associated with the component handling HTTP GET Request Parameters . The issue is a parameter injection vulnerability in that handler, allowing a remote attacker to exploit it. The threat is supported by public exploitation activity. The CV...

PT-2026-43073

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney h3:await response loop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received...

PT-2026-43071

Name of the Vulnerable Software and Affected Versions hackney versions 0 through 4.0.0 Description Improper Neutralization of CRLF Sequences allows HTTP Request Splitting. The software fails to percent-encode carriage return r or line feed characters in the URL query component before constructing...

Debian dsa-6291 : haproxy - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6291 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6291-1 [email protected] https://www.debian.org/security/...

yudao-cloud 代码问题漏洞

yudao-cloud is a backend management system for YunaiV individual developers. A code issue vulnerability exists in yudao-cloud version 2026.03, which originates from the function IotDataSinkHttpConfig operation in the file /admin-api/iot/data-sink/create in the component Admin API Endpoint, which...

[SECURITY] Fedora 43 Update: httpd-2.4.67-1.fc43

The Apache HTTP Server is a powerful, efficient, and extensible web server...

MAL-2026-4638 Malicious code in pewter-constantstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050b19d8dad7c8c1a626c953493c23b375e434128f38950625f82b0fb244eabe On npm install, the preinstall script callback.js collects the installer's hostname, OS username, current working directory, npm registry...

Malicious code in cloudpivot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd95ac92732da86e3ec63771e124da83ea8d98e1dd2f6636ab3d8dde76ab34c On npm install, the package.json preinstall hook runs wget against http://194.120.24.50:7374 with query parameters carrying $whoami, $pwd, $hostname,...

EUVD-2026-31507

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

[SECURITY] [DSA 6291-1] haproxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6291-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVE-2026-40864

Affected software: JupyterHub (versions 4.1.0–5.4.4). Vulnerability: Cross-origin form POSTs bypass XSRF because XSRF protection treated requests with Sec-Fetch-Mode: no-cors as same-origin, affecting HTTP form endpoints (e.g., /hub/spawn, /hub/accept-share). The JSON API is not affected. Impact ...

Malicious code in orca-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

CVE-2026-39965

Summary: CVE-2026-39965 affects TypeBot (versions ≤ 3.15.2). The HTTP Request and Code blocks validate the initial URL but the HTTP clients (ky and fetch) do not re-validate redirect destinations on 302 responses, enabling an authenticated user to point a block to an attacker-controlled server th...

Malicious code in openmct-couch-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8eff366d17efa64bf8605941d009d01cf7a24aaf011af30faec449fc4a2e28 On npm install, the package's preinstall script runs node index.js and then curls the output of hostname && whoami to...

Buffer overflow in the ngx_http_rewrite_module

Buffer overflow in the ngxhttprewritemodule Severity: medium CVE-2026-9256 Not vulnerable: 1.31.1+, 1.30.2+ Vulnerable: 0.1.17-1.31.0...

SUSE-SU-2026:21828-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues - Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212. MFSA 2026-48: - CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component. - CVE-2026-8391: Other issue in the JavaScript Engine...

OPENSUSE-SU-2026:20789-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues - Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212. MFSA 2026-48: - CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component. - CVE-2026-8391: Other issue in the JavaScript Engine...

Security Bulletin: The Analyst Workflow App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows...