4508 matches found

CNNVD
added 2026/01/20 12:0 a.m., 4 views

Oracle Hospitality Applications security vulnerabilities

Oracle Hospitality Applications is a set of business applications, servers, and storage solutions for hotel management developed by Oracle Corporation in the United States. This product offers features such as human resources cost management and tracking of services provided throughout customers’...

CVSS: 8.6, AI score: 7.1, EPSS: 0.0027
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 9 : httpd-2.4.57-5.el9 (AXSA:2023-6899:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6899:07 advisory. httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522). CVE-2023-27522: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. Thi...

CVSS: 7.5, AI score: 8.4, EPSS: 0.02134
Exploits: 0, References: 2
ATTACKERKB
added 2026/01/19 7:1 p.m., 4 views

CVE-2026-23845

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (/api/v1/message/ID/html-check) is designed to analyze HTML emails for compatibility. During this process, the...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00396
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2026/01/19 3:20 p.m., 17 views

CVE-2025-68616 WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS: 7.5, EPSS: 0.00447
Exploits: 2, References: 2
Positive Technologies
added 2026/01/19 12:0 a.m., 6 views

PT-2026-3508

Name of the Vulnerable Software and Affected Versions: Swift W3C TraceContext versions prior to 1.0.0-beta.5; Swift OTel versions prior to 1.0.4. Description: A flaw exists in Swift W3C TraceContext and Swift OTel due to insufficient input validation. This can lead to a denial-of-service condition,...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00392
Exploits: 0, References: 11
CNNVD
added 2026/01/16 12:0 a.m., 3 views

The Nu Html Checker security vulnerability

The Nu Html Checker is an open-source tool developed by The Nu Html Checker (vnu) that verifies whether HTML documents comply with modern web standards. The Nu Html Checker has a security vulnerability, which stems from a limitation that can be bypassed. This vulnerability could allow remote...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00425
Exploits: 1, References: 3
EUVD
added 2026/01/15 7:24 p.m., 2 views

EUVD-2026-2737

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVSS: 8.9, AI score: 6.3, EPSS: 0.00576
Exploits: 1, References: 4
ATTACKERKB
added 2026/01/15 7:24 p.m., 5 views

CVE-2026-23527

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVSS: 9.8, AI score: 5.6, EPSS: 0.00576
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2026/01/15 12:0 a.m., 3 views

MadeForNet HTTP Debugger Pro code issues and vulnerabilities

MadeForNet HTTP Debugger Pro is an HTTP/HTTPS protocol packet capture and analysis tool developed by the American company MadeForNet. Version 9.11 of MadeForNet HTTP Debugger Pro contains a code vulnerability. This vulnerability stems from binary paths in service configurations that lack quotatio...

CVSS: 8.5, AI score: 6.2, EPSS: 0.00114
Exploits: 0, References: 1
Positive Technologies
added 2026/01/15 12:0 a.m., 9 views

PT-2026-3098

Name of the Vulnerable Software and Affected Versions: H3 versions prior to 1.15.5. Description: H3 is a minimal HTTP framework designed for high performance and portability. A critical HTTP Request Smuggling issue exists due to a case-sensitive check for the 'Transfer-Encoding' header within the...

CVSS: 8.9, AI score: 6.7, EPSS: 0.00576
Exploits: 1, References: 12
OSV
added 2026/01/14 9:15 p.m., 3 views

DEBIAN-CVE-2026-0960

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVSS: 5.5, AI score: 5.2, EPSS: 0.00122
Exploits: 1, References: 1
OSV
added 2026/01/14 9:15 p.m., 1 views

UBUNTU-CVE-2026-0960

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00122
Exploits: 1, References: 3
ATTACKERKB
added 2026/01/14 4:49 p.m., 3 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS: 6.3, AI score: 5.6, EPSS: 0.00307
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2026/01/14 5:28 a.m., 15 views

CVE-2025-14379

The CVE-2025-14379 entry concerns the WordPress plugin Testimonials Creator (version 1.6). Affected component: the plugin’s admin/settings handling where insufficient input sanitization and output escaping enables a Stored Cross-Site Scripting (XSS) vulnerability. Attack scenario: authenticated a...

CVSS: 4.4, AI score: 4.9, EPSS: 0.00208
Exploits: 0, References: 2
Positive Technologies
added 2026/01/14 12:0 a.m., 4 views

PT-2026-2826

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

CVSS: 4.4, AI score: 5, EPSS: 0.00237
Exploits: 0, References: 4
RedhatCVE
added 2026/01/13 10:53 p.m., 4 views

CVE-2025-29329

Buffer Overflow in the ippprint Internet Printing Protocol service in Sagemcom F@st 3686 MAGYAR4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request...

CVSS: 9.8, AI score: 7.9, EPSS: 0.01183
Exploits: 2, References: 1
AstraLinux
added 2026/01/13 2:1 p.m., 2 views

Astra Linux - vulnerability in php8.2

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00474
Exploits: 3, References: 3
AstraLinux
added 2026/01/13 2:1 p.m., 1 views

Astra Linux – Vulnerability in Chromium

Before version 141.0.7390.54, reading media content in Google Chrome allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: Medium...

CVSS: 7.5, AI score: 8.3, EPSS: 0.00329
Exploits: 0, References: 3
CNNVD
added 2026/01/13 12:0 a.m., 4 views

Quill injection vulnerability

Quill is an open-source application from Quill that provides editor functionality. Quill version 2.0.3 has an injection vulnerability that stems from a lack of data validation in the HTML export function, which may lead to cross-site scripting attacks...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00221
Exploits: 1, References: 3
NVD
added 2026/01/12 10:16 p.m., 5 views

CVE-2025-29329

Buffer Overflow in the ippprint Internet Printing Protocol service in Sagemcom F@st 3686 MAGYAR4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request...

CVSS: 9.8, EPSS: 0.01183
Exploits: 2, References: 3