667 matches found
DEBIAN-CVE-2026-53433
fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...
CVE-2026-13563 Edimax EW-7478APC POST Request formL2TPSetup stack-based overflow
A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-53273 tee: optee: prevent use-after-free when the client exits before the supplicant
In the Linux kernel, the following vulnerability has been resolved: tee: optee: prevent use-after-free when the client exits before the supplicant Commit 70b0d6b0a199 "tee: optee: Fix supplicant wait loop" made the client wait as killable so it can be interrupted during shutdown or after a...
PT-2026-52368
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the OP-TEE driver of the Linux kernel. This occurs when a client task terminates while a supplicant is still processing its request. Because the client m...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: A missing check for the encryption key size was fixed in the L2CAPLEConnREQ. This addition ensures that the encryption key size is checked upon receiving the L2CAPLEConnREQ, which is required by...
CVE-2023-54365 Traefik - Denial of Service via HTTP/2 Request Handling
Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique. A remote attacker can rapidly create and cancel HTTP/2...
CVE-2026-50872
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...
CVE-2026-50872
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...
FreeSWITCH 安全漏洞
FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was a security...
CVE-2024-54013
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...
Django 安全漏洞
Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.6 and 5.2.15 contained security vulnerabilities. These...
Mint 安全漏洞
Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities were due to inconsistent interpretation of HTTP requests, which could allow attackers to cause asynchronous response frames ...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in the handling of ICReq requests and queue removal in nvmet-tcp. This...
Plack::Middleware::Security::Common 安全漏洞
Plack::Middleware::Security::Common is a Perl web application security header middleware developed by RRWO’s individual developers. Versions of Plack::Middleware::Security::Common prior to 0.13.1 contained security vulnerabilities. These vulnerabilities stemmed from ineffective header injection...
Astra Linux – Vulnerability in Firefox and Thunderbird
Bypass of the same-origin policy in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...
ROS-20260515-73-0016
A vulnerability in the Google Chrome web browser is related to HTTP request handling errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260513-73-0008
Vulnerability in rubygem-rack related to a flaw in http request handling. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...
PT-2026-40607
Name of the Vulnerable Software and Affected Versions bandit versions 1.4.0 through 1.11.0 Description An unauthenticated remote attacker can cause a denial of service via memory exhaustion. The read data/2 function in Elixir.Bandit.HTTP1.Socket ignores the :length option when processing HTTP/1...
Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding
Summary The apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an extremely large, endless JSON payload e.g., several...
CVE-2026-43372
CVE-2026-43372 resolves a leak in the Linux kernel Microchip DSA driver during PTP IRQ setup. If request_threaded_irq() fails, the error path previously only freed mappings that had succeeded; now the kernel disposes the newly created IRQ mapping to prevent resource exhaustion. Affected component...