CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

PT-2026-43476

Name of the Vulnerable Software and Affected Versions OpenStack Swift versions 2.36.0 through 2.36.1 OpenStack Swift versions 2.37.0 through 2.37.1 Description The s3api middleware contains a flaw where the StreamingInput class enters an infinite loop when processing a truncated aws-chunked PUT...

CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

com.oviva.telematik:epa4all-client (>=1.0.0 <=1.2.0), com.oviva.telematik:epa4all-rest-service (>=1.0.0 <=1.2.0) +2 more potentially affected by CVE-2026-44900 via com.oviva.telematik:vau-httpclient (>=1.0.0 <=1.2.0)

com.oviva.telematik:vau-httpclient MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 Source cves: CVE-2026-44900 Source advisory: SNYK:JAVA-COMOVIVATELEMATIK-17157661...

CVE-2026-42271

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...

CVE-2026-42208 LiteLLM: SQL injection in Proxy API key verification

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An...

CVE-2026-42203

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

GHSA-7XP7-M392-H92C @evomap/evolver has an unbounded request body in proxy /asset/submit that causes persistent disk-exhaustion DoS

Summary The EvoMap proxy daemon's HTTP body parser accepts requests of any size, and the POST /asset/submit route persists the full request body — verbatim and uncapped — as a JSONL line in /messages.jsonl. An unauthenticated local attacker other local user, container neighbor, or malicious npm...

UBUNTU-CVE-2026-34032

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

RHEL 9 : squid (RHSA-2026:10256)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:10256 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Deni...

RHEL 9 : squid (RHSA-2026:10257)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:10257 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Deni...

RLSA-2026:8119 Important: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling CVE-2026-33526 Squid: Squid: Denial of Service via crafted ICP traffic CVE-2026-32748 For...

CVE-2026-6143

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can ...

CVE-2026-6143 farion1231 cc-switch ProxyServer server.rs cross-domain policy

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can ...

CVE-2026-6143

The vulnerability CVE-2026-6143 affects farion1231 cc-switch up to version 3.12.3. It targets the file src-tauri/src/proxy/server.rs in the ProxyServer component, enabling a permissive cross-domain policy with untrusted domains. This is a remote-attack vector, with the exploit publicly released. ...

CVE-2026-6143 farion1231 cc-switch ProxyServer server.rs cross-domain policy

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can ...