7668 matches found
RHEL 9 : libsoup (RHSA-2026:19356)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19356 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Impact: When webpack-dev-server is running on a non-HTTPS origin (the default), cross-origin requests from malicious websites can load the dev server's JavaScript bundles via `<script>` tags. The fix introduced in v5.2.1 (CVE-2025-30359) relied on Sec-Fetch-Mode and Sec-Fetch-Site request headers to block these...
CVE-2026-3637
creationtimestamp | type | source
---|---|---
2026-05-18 08:30:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mm4hj6o32x2p...
PT-2026-42156
Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.20.0 through 9.20.22; BIND 9 versions 9.21.0 through 9.21.21; BIND 9 versions 9.20.9-S1 through 9.20.22-S1. Description: A heap use-after-free issue exists within the DNS-over-HTTPS implementation. Use-after-free occurs when an...
@utcp/http: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol
Summary: The @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTTPS / loopback allowlist, but callTool reuses the resolved...
CVE-2026-44312
css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...
UBUNTU-CVE-2026-44312
css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...
CVE-2026-20224
creationtimestamp | type | source
---|---|---
2026-05-14 16:24:10+00:00 | seen | https://infosec.exchange/users/AAKL/statuses/116573854073506943
2026-05-15 16:02:46+00:00 | seen | https://t.me/GithubRedTeam/84354
2026-05-15 21:00:05+00:00 | published-proof-of-concept |...
CVE-2026-44312 css_parser allows to MITM included https css urls
css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...
WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin <= 7.8.5.10 - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering vulnerability
One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin <= 7.8.5.10 - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering vulnerability discovered by Kitch - KitchGlobal in WordPress Plugin WP Encryption – One...
RLSA-2026:15968 Moderate: libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
CVE-2026-44774
creationtimestamp | type | source
---|---|---
2026-05-11 15:10:49+00:00 | published-proof-of-concept | https://github.com/traefik/traefik/security/advisories/GHSA-96qj-4jj5-wcjc
2026-05-12 23:15:01+00:00 | seen | https://bsky.app/profile/dbt3.ch/post/3mlow66ezsf2e...
Unity Linux 20.1070e Security Update: maven (UTSA-2026-017745)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017745 advisory. Apache Maven will follow repositories that are defined in a dependency's Project Object Model (pom) which may be surprising to some users, resulting in potential risk i...
MiracleLinux 8 : libsoup-2.62.3-14.el8_10 (AXSA:2026-596:09)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-596:09 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119). Tenable has extracted the...
Linux Distros Unpatched Vulnerability : CVE-2021-26529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 compiled with mbedTLS support is vulnerable to remote OOB write attack via connection...
ALSA-2026:15968 Moderate: libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
MAL-2026-3646 Malicious code in erslove (npm)
erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...
GHSA-3G76-F9XQ-8VP6
creationtimestamp | type | source
---|---|---
2026-05-09 05:10:28+00:00 | seen | https://gist.github.com/alon710/125ca2c976df983809333bd3a8522eed...