4507 matches found

Github Security Blog
added 2026/01/21 1:5 a.m. | 12 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

Impact: A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...

CVSS 5.3 | AI score 5.7 | EPSS 0.00392
Exploits: 0 | References: 6 | Affected Software: 2
EUVD
added 2026/01/21 12:31 a.m. | 5 views

EUVD-2026-3538

Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications component: Platform. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

CVSS 5.3 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | References: 2
EUVD
added 2026/01/21 12:31 a.m. | 4 views

EUVD-2026-3569

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: User and User Group. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of...

CVSS 7.5 | AI score 5.5 | EPSS 0.00346
Exploits: 0 | References: 2
NVD
added 2026/01/20 10:16 p.m. | 5 views

CVE-2026-21978

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Relationship Pricing. Supported versions that are affected are 14.0.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 6.5 | EPSS 0.00251
Exploits: 0 | References: 1
OSV
added 2026/01/20 10:15 p.m. | 3 views

CVE-2026-21966

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Opera. Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVSS 6.1 | AI score 5.8 | EPSS 0.00174
Exploits: 0 | References: 1
OSV
added 2026/01/20 10:15 p.m. | 3 views

CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

CVSS 5.9 | AI score 5.4
Exploits: 0 | References: 15
Cvelist
added 2026/01/20 8:41 p.m. | 19 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

CVSS 7.5 | EPSS 0.00929
Exploits: 0 | References: 1
Debian CVE
added 2026/01/20 8:41 p.m. | 3 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

CVSS 7.5 | AI score 8 | EPSS 0.00929
Exploits: 0
Cvelist
added 2026/01/20 12:9 p.m. | 23 views

CVE-2026-1183 HTML injection in multiple Botble products

HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter...

CVSS 5.1 | EPSS 0.00262
Exploits: 0 | References: 1
Cvelist
added 2026/01/20 11:53 a.m. | 18 views

CVE-2025-40679 HTML injection in Isshue from Bdtask

HTML Injection vulnerability in Isshue by Bdtask, consisting of an HTML injection due to a lack of proper validation of user input by sending a POST request to '/categoryproductsearch', affecting the 'productname' parameter...

CVSS 5.1 | EPSS 0.00262
Exploits: 0 | References: 1
OSV
added 2026/01/20 5:16 a.m. | 0 views

CVE-2026-0899

Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 2
CVE
added 2026/01/20 4:14 a.m. | 23 views

CVE-2026-0907

CVE-2026-0907 affects Google Chrome/Chromium Split View UI, allowing UI spoofing via a crafted HTML page before version 144.0.7559.59. Connected documents confirm related Chromium/CEF updates in the 144.0.7559.x series across Fedora and ChromeOS advisories, indicating a patched release beyond 144...

CVSS 9.8 | AI score 5.5 | EPSS 0.00246
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/01/20 4:14 a.m. | 28 views

CVE-2026-0908

CVE-2026-0908: Use-after-free in ANGLE of Google Chrome prior to 144.0.7559.59 can enable heap‑corruption via a crafted HTML page. Affected: ANGLE in Chromium/Chrome up to version 144.0.7559.59. Mitigation: upgrade to Chrome/Chromium 144.0.7559.59 or newer (fixed in updated Chromium/Chrome builds...

CVSS 8.8 | AI score 5.5 | EPSS 0.00314
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2026/01/20 4:14 a.m. | 3 views

CVE-2026-0906

Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

CVSS 9.8 | AI score 5.3 | EPSS 0.0027
Exploits: 0
Debian CVE
added 2026/01/20 4:14 a.m. | 3 views

CVE-2026-0907

Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 9.8 | AI score 5.3 | EPSS 0.00246
Exploits: 0
Vulnrichment
added 2026/01/20 4:14 a.m. | 4 views

CVE-2026-0900

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

AI score 5.4 | EPSS 0.00323
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/20 12:0 a.m. | 5 views

PT-2026-3670

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: User-controlled header names and values containing newlines can allow injecting HTTP headers. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 7.5 | AI score 5.9 | EPSS 0.01468
Exploits: 1 | References: 191
Positive Technologies
added 2026/01/20 12:0 a.m. | 2 views

PT-2026-3721

Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications component: Platform. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

CVSS 5.3 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | References: 2
CNNVD
added 2026/01/20 12:0 a.m. | 4 views

Oracle Hospitality Applications security vulnerabilities

Oracle Hospitality Applications is a set of business applications, servers, and storage solutions for hotel management developed by Oracle Corporation in the United States. This product offers features such as human resources cost management and tracking of services provided throughout customers’...

CVSS 8.6 | AI score 7.1 | EPSS 0.0027
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : httpd-2.4.57-5.el9 (AXSA:2023-6899:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6899:07 advisory. httpd: mod_proxy_uwsgi HTTP response splitting CVE-2023-27522 CVE-2023-27522 HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. Thi...

CVSS 7.5 | AI score 8.4 | EPSS 0.02134
Exploits: 0 | References: 2