PT-2026-47594

It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, resulting in a denial of service...

CVE-2026-36786

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-47563

Summary The default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify HTTP3 SETTINGS MAX FIELD SECTION SIZE, the implementation defaults to an unbounded limit. This insecure default...

HTTP Request Smuggling

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to HTTP Request Smuggling via multipart reque...

Important: ecs-init

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Important: ecs-init

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Important: amazon-ssm-agent

Issue Overview: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0. CVE-2026-33814 Affected Packages: amazon-ssm-agent Issue Correction: Run dnf update amazon-ssm-agent --releasever...

Exploiting Logic Asymmetry in Modern Web Application Firewalls

This research whitepaper demonstrates that even the most modern WAFs remain vulnerable to attacks exploiting logic asymmetry in HTTP protocol processing. Real-world testing on a Weaver Ecology OA system achieved a 100% bypass rate 40/40 test cases, confirming the critical severity of this...

PT-2026-47317

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A heap-based buffer overflow occurs when interacting with malicious backend servers using ProxyPassReverseCookie. A heap-based buffer overflow is a memory corruption issue where data...

TencentOS Server 4: httpd (TSSA-2026:0309)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0309 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Apache 2.4.x < 2.4.68 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.68. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.68 advisory. - CVE-2026-49975, also known as HTTP/2 Bomb, is a remote denial-of-service exploit against most major web servers, including:...

Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2026-1776)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1776 advisory. Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1771)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1771 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

Important: perl-HTTP-Daemon

Issue Overview: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or...

PT-2026-47300

Name of the Vulnerable Software and Affected Versions gun versions 2.0.0 through 2.3.x Description An issue in the gun http module allows a malicious HTTP server to force a client into raw protocol mode by sending an unsolicited 101 Switching Protocols response. In the handle inform/8 function, t...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3340 (ALAS-2026-3340)

The version of thunderbird installed on the remote host is prior to 140.11.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3340 advisory. Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming th...

MiracleLinux 8 : httpd:2.4 (AXSA:2026-762:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-762:01 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in...

Amazon Linux 2 : perl-HTTP-Tiny, --advisory ALAS2-2026-3326 (ALAS-2026-3326)

The version of perl-HTTP-Tiny installed on the remote host is prior to 0.033-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3326 advisory. HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-061 (ALASFIREFOX-2026-061)

The version of firefox installed on the remote host is prior to 140.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-061 advisory. Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming...

Important: firefox

Issue Overview: Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk header on the next call to...