firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

SUSE-SU-2026:1163-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.9 MFSA 2026-24, bsc1260083: - CVE-2026-3889: Spoofing issue in Thunderbird - CVE-2026-4371: Out of bounds read in IMAP parsing - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRende...

CLSA-2026-1775033286 Fix CVE(s): CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945

OpenJDK 11.0.30 release, build 7. - CVE-2026-21925: Improve JMX connections - CVE-2026-21932: Enhance handling of URIs AWT/JavaFX - CVE-2026-21933: Improve HttpServer request handling - CVE-2026-21945: Enhance certificate checking - Release notes:...

CVE-2026-34441

A flaw was found in cpp-httplib, a C++11 HTTP/HTTPS library. This vulnerability, known as HTTP Request Smuggling, allows a remote attacker to embed an arbitrary HTTP request within the body of a GET request. The server's static file handler fails to consume the entire request body, leaving unread...

[SECURITY] Fedora 43 Update: cpp-httplib-0.38.0-1.fc43

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

PT-2026-29547

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

IBM Verify Identity Access Container和IBM Verify Identity Access 环境问题漏洞

IBM Verify Identity Access Container and IBM Verify Identity Access are products of IBM Corporation. IBM Verify Identity Access Container is a containerized software that provides authentication and authorization functions for applications. IBM Verify Identity Access is an enterprise-level securi...

CVE-2024-40489

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

JeecgBoot 安全漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions of JeecgBoot from 3.0.0 to 3.5.3 have security vulnerabilities. These vulnerabilities stem from lax character filtering, which could allow attackers to execute arbitrary code o...

PT-2026-29619

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

PT-2026-29603

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. An attacker controlling the content type parameter in aiohttp could inject extra headers or similar exploits. If an...

PT-2026-29602

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP, an asynchronous HTTP client/server framework, is susceptible to excessive memory usage due to an unbounded DNS cache. This can potentially lead to a Denial of Service DoS situation if an...

PT-2026-29610

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description Multiple Host headers were permitted in AIOHTTP, potentially allowing a reverse proxy's security rules to be bypassed. This could lead to a request being processed by AIOHTTP in a privileged sub...

Amazon Linux 2023 : python3.13-tornado (ALAS2023-2026-1528)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1528 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for head...

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1525)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1525 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 request...

SUSE CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...

SUSE CVE-2026-24030

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...

CVE-2026-32696

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

DEBIAN-CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

Security update for python-tornado

This update for python-tornado fixes the following issues: CVE-2025-67724: missing validation of the supplied reason phrase bsc1254903. CVE-2025-67725: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254905. CVE-2026-31958: parsing large multipa...