netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
Blending Chat with Rich UIs with Spring AI and MCP Apps
The way humans typically interact with AI is via a chat-style interface such as ChatGPT or Claude Desktop. In fact, the ability to converse with an AI in natural language is perhaps one of the most amazing things about this technology. It lets humans talk to computers in human terms, rather than...
CVE-2026-4359 Heap-buffer-over-read in _mongoc_http_send via strstr on non-null-terminated buffer
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...
EUVD-2026-12568
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
CVE-2026-4271 Libsoup: libsoup: denial of service via use-after-free in http/2 server
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...
PT-2026-33135
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description A use after free issue exists in the Proxy component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...
HCL Unica Platform Security Vulnerability
HCL Unica Platform is an advanced enterprise automation marketing platform developed by the Indian company HCL. It allows for the handling of daily marketing tasks without human intervention, while also capturing the most effective potential customers. There is a security vulnerability in HCL Uni...
CVE-2026-32627
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
Lean 4 VS Code Extension Security Vulnerability
Lean 4 VS Code Extension is an open-source extension for VS Code. Versions of Lean 4 VS Code Extension 0.1.9 and earlier contain security vulnerabilities. These vulnerabilities stem from the @leanprover/unicode-input-component component reinserting text from input elements as unescaped HTML, whic...
LeafKit's HTML escaping may be skipped for Collection values, enabling XSS
LeafKit's HTML escaping does not work correctly when a template prints a collection (Array / Dictionary) via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped...
OESA-2026-1548 wireshark security update
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. Security Fixes: Wireshark ...
SUSE CVE-2026-3909
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...
CVE-2026-23941
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The...
EEF-CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd
Summary: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/...
Erlang/OTP Security Vulnerability
Erlang/OTP is an open-source library written in JavaScript that handles exceptional situations. This library can catch exceptions caused by the built-in APIs of node.js. Versions 17.0 to 28.4.1, 27.3.4.9, and 26.2.5.18 of Erlang/OTP contain security vulnerabilities. These vulnerabilities stem fro...
Google Chrome Code Injection Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.75 contained a code injection vulnerability, which was caused by improper implementation of the V8 engine. This vulnerability could allow remote attackers to execute arbitrary code within a sandb...
Google Chrome Buffer Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.75 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds writes in Skia, which could allow remote attackers to execute out-of-bounds memory access via a special...
HTTP Request Smuggling
Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling via the KJ-HTTP process. An attacker can cause the system to interpret a negative Content-Length value as an extremely large unsigned value by sending specially crafted HTTP requests or responses, potentially...
GO-2026-4684 Traefik: HTTP/2 frames can cause a running server to panic in github.com/traefik/traefik
Traefik: HTTP/2 frames can cause a running server to panic in github.com/traefik/traefik...