Astra Linux - уязвимость в apache2

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

Astra Linux - уязвимость в chromium

The use of “after free” in Navigation in Google Chrome before version 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

A out-of-bounds read in media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...

EUVD-2026-26806

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-42404 Apache Neethi: Unrestricted HTTP Redirect Following in Policy References

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

EUVD-2026-26491

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

PT-2026-36313

Name of the Vulnerable Software and Affected Versions Apache Neethi versions prior to 3.2.2 Description The PolicyReference API does not impose restrictions on URIs when manually fetching remote policy references. This allows an application that explicitly calls the API to make outbound requests...

Bandit 安全漏洞

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit version 0.3.6 through versions prior to 1.11.0, which stems from HTTP/2 frame deserialization that buffers the entire body of a frame before checking the size...

firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

UBUNTU-CVE-2026-6868

HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6868

CVE-2026-6868 affects Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14, where the HTTP protocol dissector crashes when processing crafted HTTP data, leading to a denial of service. The Red Hat note frames this as a local user opening a specially crafted capture file that crashes Wireshark; SUSE and other s...

EUVD-2026-26309

HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

PT-2026-36040

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description A crash in the HTTP protocol dissector allows for a denial of service. This occurs when the software processes malformed traffic, which can lead to the...

Wireshark 安全漏洞

Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4, as well as 4.4.0 to 4.4.14, have security vulnerabilities. These...

CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-7360

Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-7353

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-7346

Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-7354

Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...