58 matches found

OSV
added 2026/06/03 1:0 p.m., 7 views

UBUNTU-CVE-2026-6873

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVSS 4.3, AI score 5.3, EPSS 0.00249
Exploits: 0, References: 2

OSV
added 2026/04/15 11:27 p.m., 6 views

CLSA-2026-1776173582 squid: Fix of 3 CVEs

CVE-2026-32748: ICP: fix HttpRequest lifetime for ICP v3 queries - CVE-2026-33515: ICP: fix validation of packet sizes and URLs - CVE-2026-33526: do not escape malformed URI twice when sending ICP errors...

CVSS 9.2, AI score 5.8, EPSS 0.02738
Exploits: 0, References: 1

OSV
added 2026/04/09 1:55 p.m., 6 views

CLSA-2026-1775062580 squid34: Fix of 2 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

CVSS 9.2, AI score 5.8, EPSS 0.02738
Exploits: 0, References: 1

Snyk
added 2026/04/07 4:15 p.m., 0 views

Allocation of Resources Without Limits or Throttling

Overview: Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ASGI requests with a missing or understated Content-Length header whe...

CVSS 7.5, AI score 5.9, EPSS 0.00769
Exploits: 0, References: 2

OSV
added 2026/04/03 9:58 a.m., 5 views

CLSA-2026-1775210281 squid: Fix of CVE-2026-32748

CVE-2026-32748: fix HttpRequest lifetime for ICP v3 queries...

CVSS 8.7, AI score 5.8, EPSS 0.02734
Exploits: 0, References: 1

OSV
added 2026/03/30 12:39 p.m., 6 views

CLSA-2026-1774874340 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap use-after-free due to double rfc1738escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling...

CVSS 9.2, AI score 5.8, EPSS 0.02738
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2012-0006

Malware in sbrugna...

CVSS 6.4, AI score 6, EPSS 0.03635
Exploits: 1, References: 30

EUVD
added 2025/10/03 8:7 p.m., 14 views

EUVD-2022-1118

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.01281
Exploits: 1, References: 4

BDU FSTEC
added 2025/05/06 12:0 a.m., 5 views

The vulnerability of the server of the Zabbix universal monitoring system allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Zabbix universal monitoring system relates to the use of uncontrolled format strings in processing HttpRequest objects. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS 9.1, AI score 7.7, EPSS 0.00952
Exploits: 0, References: 9, Affected Software: 3

OSV
added 2025/04/14 2:15 p.m., 1 views

AZL-60383 CVE-2025-32906 affecting package libsoup for versions less than 3.0.4-3

A flaw was found in libsoup, where the soup_headers_parse_request function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

CVSS 7.5, AI score 7.1, EPSS 0.00787
Exploits: 0, References: 1

SUSE CVE
added 2024/11/28 3:56 a.m., 4 views

SUSE CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVSS 9.1, AI score 6.9, EPSS 0.00952
Exploits: 0, References: 3

AlpineLinux
added 2024/11/27 12:15 p.m., 14 views

CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVSS 9.1, AI score 7.2, EPSS 0.00952
Exploits: 0, References: 2

NVD
added 2024/11/27 12:15 p.m., 24 views

CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVSS 9.1, EPSS 0.00952
Exploits: 0, References: 2

OSV
added 2024/11/27 12:15 p.m., 1 views

DEBIAN-CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVSS 9.1, AI score 8.3, EPSS 0.00952
Exploits: 0, References: 1

OSV
added 2024/11/27 12:15 p.m., 12 views

CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVSS 9.1, AI score 6.6
Exploits: 0, References: 2

OSV
added 2024/11/27 12:15 p.m., 2 views

UBUNTU-CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVSS 9.1, AI score 5.8, EPSS 0.00952
Exploits: 0, References: 3

CVE
added 2024/11/27 12:5 p.m., 90 views

CVE-2024-42330

CVE-2024-42330 affects Zabbix: the HttpRequest object exposes HTTP header strings constructed directly from server data without proper JavaScript encoding, enabling creation of internal strings that can access hidden object properties. Documents reference Zabbix-related advisories and Debian LTS ...

CVSS 9.1, AI score 7.1, EPSS 0.00952
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/11/27 12:5 p.m., 21 views

CVE-2024-42330 JS - Internal strings in HTTP headers

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVSS 9.1, AI score 7.1, EPSS 0.00952
Exploits: 0, References: 1

Cvelist
added 2024/11/27 12:5 p.m., 35 views

CVE-2024-42330 JS - Internal strings in HTTP headers

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVSS 9.1, EPSS 0.00952
Exploits: 0, References: 1

Debian CVE
added 2024/11/27 12:5 p.m., 22 views

CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVSS 9.1, AI score 8.3, EPSS 0.00952
Exploits: 0