OPENSUSE-SU-2026:20877-1 Security update for rsync

This update for rsync fixes the following issues - CVE-2025-10158: Out of bounds array access via negative index bsc1254441. - CVE-2026-29518: Symlink-Race TOCTOU in Daemon use chroot = no bsc1264511. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223. -...

Security Bulletin: Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security Vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected ...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 --- Description MCPJam inspector is a loca...

Windows BITS Persistence Tool

This script implements a BITS-based persistence mechanism with an embedded HTTP server and remote payload delivery for Windows...

PT-2026-45839

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add content type param/2. Tesla.Multipart.add content type param/2 appends caller-supplied strings to the multipart...

PT-2026-45970

These are all security issues fixed in the perl-HTTP-Daemon-6.170.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-38967

CVE-2026-38967 affects CrowCpp Crow through v1.3.1 HTTP and is caused by unvalidated response header values, leading to response header injection. The vulnerability has a CVSS v3.1 score of 9.8 (CRITICAL) with network attack vector, no user interaction, and impacts on confidentiality, integrity, ...

PT-2026-45837

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

BrowserStack Runner 路径遍历漏洞

BrowserStack Runner is an open-source browser testing command-line tool developed by BrowserStack. Versions of BrowserStack Runner prior to 0.9.5 contained a path traversal vulnerability. This vulnerability originated from the default HTTP handler in lib/server.js, which allowed for path traversa...

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation, which could allow attackers to exhaust the memory of the Mint client on an HTTP/...

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.2.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP/2 server’s ability to insert unlimited entries through the PUSHPROMISE frame, which could lead to memo...

PT-2026-45786

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content length header/1...

ALSA-2026:22643 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

ALSA-2026:22551 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

PT-2026-45829

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.0 Description Using the CookieJar.load function with untrusted input may allow arbitrary code execution. This issue is unlikely to affect many applications as most use this function with the user's own data...

openSUSE 16 Security Update : libsoup (openSUSE-SU-2026:20845-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20845-1 advisory. This update for libsoup fixes the following issue - CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections...

RockyLinux 8 : httpd:2.4 (RLSA-2026:22140)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22140 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in...

PT-2026-45784

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encode request line/2 function splices the caller-supplied method and target arguments directly into the...

OPENSUSE-SU-2026:10938-1 perl-HTTP-Daemon-6.170.0-1.1 on GA media

These are all security issues fixed in the perl-HTTP-Daemon-6.170.0-1.1 package on the GA media of openSUSE Tumbleweed...

Apache httpd -- DoS exploit in HTTP/2

Calif security reports: Remote DoS in modhttp2...