219 matches found
CVE-2026-40395
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service daemon panic for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally the original read-only request from which req is derived readable and writable from...
Rack::Request accepts invalid Host characters, enabling host allowlist bypass
Summary Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be...
CVE-2026-21710
A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct. When this occurs, dest["__proto__"] resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...
Google Pixel Security Vulnerability
The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability. This vulnerability stems from an obfuscation issue in the gmcddrhandlembamrreq function within the gmcmbaddr.c file, which may lead to an increase in local privileges...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27005)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27005 advisory. - In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access...
MiracleLinux 7 : krb5-1.15.1-51.el7 (AXSA:2021-2558:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2558:03 advisory. krb5: NULL pointer dereference in process_tgs_req in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750). Tenable has extracted the...
EUVD-2026-2663
Malicious code in transitive-req PyPI...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: md/raid1, raid10: do not ignore IO flags If blk-wbt is enabled by default, it was found that raid write performance is quite poor because all I/O operations are throttled by the wbt feature of underlying disks. This occurs...
PT-2025-54178
Name of the Vulnerable Software and Affected Versions FastBee versions prior to 2.1 Description A flaw exists in the SIP Message Handler component of FastBee, specifically within the getRootElement function located in the file...
PT-2025-53166
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.4.0-rc7+ 154 Description The Linux kernel contains a flaw within the virtio pmem subsystem. Specifically, the submit_bio_noacct function requires the bio operation to be either WRITE or ZONE APPEND for flush...
UBUNTU-CVE-2025-40259
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context. sg_finish_rem_req() calls blk_rq_unmap_user(). The latter function may sleep. Hence, call sg_finish_rem_req() with interrupts enabled instead of disabled...
EUVD-2025-199114
Malicious code in puny-req npm...
Malicious code in puny-req (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b37178e16f3045461008067eca9077a2b41c9c0809b2fd8b3082038a7b74ab3 The package puny-req was found to contain malicious code. Source: ghsa-malware 4ed85c7d479a94c8140d2a0d11769e23097d68af45d550610438f446986c3cbb Any...
MAL-2025-191141 Malicious code in puny-req (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b37178e16f3045461008067eca9077a2b41c9c0809b2fd8b3082038a7b74ab3 The package puny-req was found to contain malicious code. Source: ghsa-malware 4ed85c7d479a94c8140d2a0d11769e23097d68af45d550610438f446986c3cbb Any...
PT-2025-49089
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the SCSI subsystem, specifically in the sg module. The sg_finish_rem_req function calls blk_rq_unmap_user, which can potentially lead to sleeping...
Astra Linux – Vulnerability in mbedtls
Mbed TLS versions prior to 3.6.4 allow a use-after-free in certain situations of applications developed in accordance with the documentation. The function mbedtls_x509_string_to_names takes a head argument, which is documented as an output argument. The documentation does not indicate that the functi...
01os (>=0.0.1 <=0.0.14), 12factor-configclasses (>=0.2.1 <=0.2.6) +4440 more potentially affected by CVE-2025-62727 via starlette (>=0.10.1 <=0.49.0)
starlette PYPI version =0.10.1, =0.0.1, =0.2.1, =0.1.0, =0.3.6, =0.12.0, =0.4.2, =0.1.10, =0.0.1, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.1.9 and more Source cves: CVE-2025-62727 Source advisory: SNYK:PYTHON-STARLETTE-13733964...
EUVD-2013-1455
Malware in sbrugna...
EUVD-2017-18641
Malware in sbrugna...
EUVD-2006-3154
Malware in sbrugna...