CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

CVE-2026-6734 undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

CVE-2026-6734

Summary of CVE-2026-6734 : A vulnerability in undici’s Socks5ProxyAgent causes cross-origin request routing by reusing a single connection pool across multiple origins without verifying the pool origin. As a result, requests for origin B can be dispatched through the pool for origin A; credential...

kernel: libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

kernel: libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

PT-2026-50513

Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 8.1.0 Description When using Socks5ProxyAgent, the software reuses a single connection pool across different origins without verifying if the pool's origin matches the requested origin. This leads to cross-origin...

CVE-2026-44890

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending specially crafted Redis payloads across multiple connections without proper termination. This can exhaust the server's direct memory pool, leading to a Denial of Service DoS condition where legitima...

SUSE CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

CVE-2026-48006 Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

EUVD-2026-36492

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

CVE-2026-48006 Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

CVE-2026-47170

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

CVE-2026-47170 Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

EUVD-2026-36288

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

CVE-2026-47170

Garlic-Hub is affected by a CVE-2026-47170 SSRF in the uploadFromUrl endpoint. Prior to version 1.1 , authenticated users could cause the server to issue arbitrary HTTP requests to internal services, enabling internal port scanning, service fingerprinting, and retrieval of internal HTTP responses...

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper cleanup of pooled direct-memory buffers in the RedisArrayAggregator function. An attacker can exhaust the JVM-wide direct-memory pool by repeatedly opening and closing...

GHSA-6JV9-X5W9-2CCM Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Impact The RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate completes. The handler retains child messages in per-handler state depths field but defines no channelInactive, handlerRemoved, or...

Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Impact The RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate completes. The handler retains child messages in per-handler state depths field but defines no channelInactive, handlerRemoved, or...

kernel: libceph: make decode_pool() more resilient against corrupted osdmaps

In the Linux kernel, the following vulnerability has been resolved: libceph: make decodepool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of cephpgpool envelope is less than what is expected for a particular encoding version,...

Malicious code in web-pool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b1d78cd3ff0c5eeead299eb670d299590b48a453c9416ae2a692bc4173737c Requiring web-pool triggers middleware to spawn a detached node lib/initializeCaller.js. That script base64-decodes a hardcoded endpoint...