OESA-2026-1651 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Improper Input Validation...
OESA-2026-1637 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to set up. Just include the httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.1, when a cpp-httplib client uses the...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +487 more potentially affected by unknown CVE via tokio-signal (>=0.1.5 <=0.3.0-alpha.1)
tokio-signal CARGO version =0.1.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.2.5 - actix-identity =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0065...
SUSE-SU-2026:20768-1 Security update for python311
This update for python311 fixes the following issues: Updated to Python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
SUSE-SU-2026:20760-1 Security update for curl
This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...
CVE-2026-33039
WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location heade...
CVE-2026-21992
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: REST WebServices and Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable...
Use of Cache Containing Sensitive Information
Overview org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the process of writing HTTP response heade...
Spring Security HTTP Headers Are not Written Under Some Conditions
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0...
GHSA-MF92-479X-3373 Spring Security HTTP Headers Are not Written Under Some Conditions
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0...
[SECURITY] Fedora 44 Update: cpp-httplib-0.37.1-2.fc44
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to set up. Just include the httplib.h file in your code!...
SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2026:0932-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0932-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping...
gRPC-Go Authorization Issue Vulnerability
gRPC-Go is a high-performance, general-purpose RPC framework developed from the grpc project. Prior to version 1.79.3, there was an authorization vulnerability in gRPC-Go. This vulnerability stemmed from improper input validation of the :path pseudoheader in HTTP/2, which could lead to...
CVE-2026-22732
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: from 5.7.0 through 5.7.21, from...
CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: from 5.7.0 through 5.7.21, from...
CVE-2026-32034 OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP
OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...
CVE-2026-32034
OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...
EUVD-2026-13148
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...
Allocation of Resources Without Limits or Throttling
Overview Microsoft.AspNetCore.Server.Kestrel.Core is a core component of the ASP.NET Core Kestrel cross-platform web server. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an incorrect exit condition in the HTTP/3 Encoder/Decoder strea...
CVE-2026-25667
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...