103222 matches found
OESA-2026-1545 wireshark security update
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. Security Fixes: Wireshark ...
PT-2026-25545
A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...
Linux Distros Unpatched Vulnerability : CVE-2026-23941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This...
openSUSE 16 Security Update : libsoup2 (openSUSE-SU-2026:20354-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20354-1 advisory. - CVE-2025-4476: null pointer dereference may lead to denial of service bsc1243422. - CVE-2025-14523: Duplicate Host Header Handling Causes...
openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20350-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20350-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733:...
CLSA-2026-1773506968 java-1.8.0-openjdk: Fix of 5 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. That fixes following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...
java-1.8.0-openjdk: Fix of 5 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. That fixes following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...
CLSA-2026-1773506438 java-1.8.0-openjdk: Fix of 5 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. That fixes following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...
MGASA-2026-0056 Updated tomcat packages fix security vulnerabilities
Client certificate verification bypass due to virtual host mapping. CVE-2025-66614 Security constraint bypass with HTTP/0.9. CVE-2026-24733 OCSP revocation bypass. CVE-2026-24734...
Updated tomcat packages fix security vulnerabilities
Client certificate verification bypass due to virtual host mapping. CVE-2025-66614 Security constraint bypass with HTTP/0.9. CVE-2026-24733 OCSP revocation bypass. CVE-2026-24734...
SUSE CVE-2026-32240
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...
SUSE SLED15 / SLES15 Security Update : dnsdist (SUSE-SU-2026:0888-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0888-1 advisory. Update to dnsdist 1.9.11: - CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. -...
EUVD-2026-11713
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...
EUVD-2025-208653
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...
CVE-2026-2491
CVE-2026-2491 : Socomec DIRIS A-40 HTTP API Authentication Bypass. The web API (default port 80) lacks authentication, enabling network-adjacent attackers to bypass auth and access functionality on affected DIRIS A-40 power monitoring devices. Root cause is missing authentication prior to exposin...
CVE-2026-2491 Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw...
EUVD-2026-11701
Undici has CRLF Injection in undici via upgrade option...
CVE-2026-31882
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication DAGUAUTHMODE=basic, all Server-Sent Events SSE endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...
DEBIAN-CVE-2026-23941
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...
CVE-2026-22209
thingino-firmware up to commit e3f6a41 published on 2026-03-15 contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...