EUVD-2026-36477

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

Astra Linux - уязвимость в jetty9

In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be released incorrectly when encountering a gzip error during the inflation of a request body. This can lead to corrupted data and/or inadvertent sharing of data between requests...

EUVD-2024-54465

Malicious code in bioql PyPI...

CVE-2024-13009

CVE-2024-13009 (Jetty) affects Jetty 9.4.0–9.4.56 where a gzip error during inflating a request body can cause a buffer to be released incorrectly, potentially corrupting or sharing data between requests. Public IBM bulletins tie this CVE to IBM QRadar SIEM, IBM Storage Scale, and Tivoli Netcool/...

SUSE CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...