103045 matches found
Debian dla-4620 : apache2 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4620 advisory. Debian LTS Advisory DLA-4620-1 https://www.debian.org/lts/security/...
PT-2026-47178
A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf dump systable.php of the component HTTP GET Request Handler. Manipulation of the argument gblOrgID leads to SQL injection. The attack may be launched remotely. The exploit is publicly...
Exploit for CVE-2019-5513
VMware Horizon /broker/xml Vulnerability Scanner !Security...
mrbios (=0.1.0) potentially affected by unknown CVE via executor-http (=0.1.2)
executor-http PYPI version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on executor-http and may be impacted: - mrbios =0.1.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-EXECUTORHTTP-17220138...
bioimageio-engine (>=0.1.0 <=0.1.3), executor-http (>=0.1.0 <=0.1.2) +8 more potentially affected by unknown CVE via executor-engine (=0.3.3)
executor-engine PYPI version =0.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on executor-engine and may be impacted: - bioimageio-engine =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.1, =0.5.0, =0.1.1, =0.1.2 Source cves: unknown CVE Source...
CVE-2026-50233
Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...
Exploit for CVE-2026-42926
CVE-2026-42926 NGINX HTTP/2 Frame Injection Lab A controlled...
CVE-2026-11435 Jinher OA nextselectplan.aspx SQL injection
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Manipulation of the argument httpOID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
[SECURITY] [DSA 6323-1] apache2 security update
Debian Security Advisory DSA-6323-1 https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2026 https://www.debian.org/security/faq ...
CVE-2026-11346
A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...
RUSTSEC-2026-0181 DoS vulnerability in HTTP/1.x chunked encoding parser triggered by maliciously crafted chunk lengths
When using the affected versions of the vibeio-http crate, an attacker could craft a malicious HTTP/1.x request with a large chunk length between usize::MAX - 1 and usize::MAX inclusive and send it, causing the server to crash: integer overflow panic in debug builds, split_to out-of-bounds panic in...
DoS vulnerability in HTTP/1.x chunked encoding parser triggered by maliciously crafted chunk lengths
When using the affected versions of the vibeio-http crate, an attacker could craft a malicious HTTP/1.x request with a large chunk length between usize::MAX - 1 and usize::MAX inclusive and send it, causing the server to crash: integer overflow panic in debug builds, split_to out-of-bounds panic in...
CVE-2026-10725
Protocol::HTTP2 versions through 1.12 for Perl are vulnerable to an HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory (the "HTTP/2 bomb"). The headers_decode method materialises a full key+value copy per index...
CVE-2026-10725
Protocol::HTTP2 for Perl (versions up to 1.12) is vulnerable to an HTTP/2 Bomb. The inbound HPACK path lacks a header-list size limit; headers_decode materialises a full key+value copy per indexed reference with no running size check, and stream_header_block_add appends every CONTINUATION frame u...
BIT-DJANGO-2026-6873 Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation, concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...
CVE-2026-8450
A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...
Malicious code in executor-http (PyPI)
Source: amazon-inspector cde4da7201fbc0dd3ae09240232f5767c2893e33977d6c8ee9071d15e79f0363 The package ships executorhttp-setup.pth, which Python auto-loads at interpreter start for any environment where the package is installed. The .pth fi...
perl-HTTP-Daemon-6.170.0-1.1 on GA media (moderate)
perl-HTTP-Daemon-6.170.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10938-1 Rating: moderate Cross-References: CVE-2026-8450 CVSS scores: CVE-2026-8450 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...
RHEL 10 : mod_http2 (RHSA-2026:22528)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:22528 advisory. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP...
Slackware Linux 15.0 / current httpd Vulnerability (SSA:2026-154-01)
The version of httpd installed on the remote host is prior to 2.4.67. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-154-01 advisory. New httpd packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...