
46 matches found

Tenable Nessus
added 2026/04/16 12:0 a.m. | 9 views

AlmaLinux 8 : nodejs:24 (ALSA-2026:7670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7670 advisory. nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici: Undici:...

CVSS 9.8 | AI score 5.9 | EPSS 0.13066
Exploits: 1 | References: 19
Tenable Nessus
added 2026/03/23 12:0 a.m. | 6 views

Siemens APE1808 Inconsistent Interpretation of HTTP Requests (CVE-2025-55018)

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

CVSS 5.8 | AI score 6.1 | EPSS 0.00351
Exploits: 0 | References: 3
CVE
added 2026/03/12 7:56 p.m. | 97 views

CVE-2026-1525

CVE-2026-1525 is an Undici HTTP client issue where passing duplicate Content-Length headers (especially with mixed case variants like Content-Length and content-length) can produce malformed HTTP/1.1 requests and enable HTTP Request Smuggling in misconfigured environments. Public advisories indic...

CVSS 9.8 | AI score 5.8 | EPSS 0.00493
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2025/11/17 7:11 p.m. | 5 views

GO-2025-4118 File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser...

CVSS 9.1 | AI score 6.9 | EPSS 0.00682
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 18 views

EUVD-2021-2157

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.01008
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-6969

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00738
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-20841

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 6.3 | EPSS 0.00361
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/09/20 12:57 a.m. | 5 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec (CVE-2025-58056, CVE-2025-55163, CVE-2025-58057).

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec CVE-2025-58056, CVE-2025-55163, CVE-2025-58057. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network...

CVSS 8.2 | AI score 6.6 | EPSS 0.00979
Exploits: 3 | Affected Software: 1
OSV
added 2025/06/25 12:0 a.m. | 4 views

ALSA-2025:9623 Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/http:...

CVSS 9.1 | AI score 7.8 | EPSS 0.00682
Exploits: 0 | References: 4
OSV
added 2025/06/20 6:7 p.m. | 4 views

GHSA-93C7-7XQW-W357 Pingora has a Request Smuggling Vulnerability

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in...

CVSS 7.4 | AI score 7.1 | EPSS 0.00404
Exploits: 0 | References: 6
OSV
added 2025/06/17 12:0 a.m. | 4 views

ALSA-2025:9147 Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

CVSS 9.1 | AI score 8 | EPSS 0.00682
Exploits: 0 | References: 4
AlmaLinux
added 2025/06/09 12:0 a.m. | 13 views

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the security issues, including the impact, a CVSS...

CVSS 9.1 | AI score 8.3 | EPSS 0.00682
Exploits: 0 | References: 4
RedHat Linux
added 2025/06/04 12:45 a.m. | 16 views

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.1 | AI score 6.8 | EPSS 0.00682
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/18 2:15 p.m. | 6 views

CVE-2025-4600

A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...

CVSS 8.7 | AI score 6.7 | EPSS 0.00187
Exploits: 0 | References: 1
CVE
added 2025/04/03 8:59 a.m. | 409 views

CVE-2024-53868

Apache Traffic Server is affected by CVE-2024-53868: request smuggling when chunked messages are malformed. Affected versions are 9.2.0–9.2.9 and 10.0.0–10.0.4. The issue is mitigated by upgrading to 9.2.10 or 10.0.5, which contain the fix. Impact is described as high (I), with no confidentiality...

CVSS 7.5 | AI score 7.2 | EPSS 0.00602
Exploits: 0 | References: 2 | Affected Software: 1
OpenVAS
added 2025/01/14 12:0 a.m. | 9 views

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2025-1025)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.4 | AI score 8.5 | EPSS 0.00933
Exploits: 2 | References: 2
OSV
added 2024/04/16 9:31 a.m. | 8 views

SUSE-SU-2024:1305-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation bsc1222384...

CVSS 8.2 | AI score 7.4 | EPSS 0.87211
Exploits: 1 | References: 5
Prion
added 2024/02/08 9:15 a.m. | 19 views

Cross site request forgery (csrf)

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...

CVSS 5 | AI score 7.4 | EPSS 0.01637
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2023/10/05 8:48 a.m. | 12 views

SUSE-SU-2023:3975-1 Security update for python-gevent

This update for python-gevent fixes the following issues: - CVE-2023-41419: Fixed a http request smuggling bsc1215469...

CVSS 9.8 | AI score 9.3 | EPSS 0.01334
Exploits: 1 | References: 3
OSV
added 2022/10/13 5:34 a.m. | 6 views

SUSE-SU-2022:3571-1 Security update for rubygem-puma

This update for rubygem-puma fixes the following issues: Updated to version 4.3.12: - CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant bsc1197818...

CVSS 9.1 | AI score 9.2 | EPSS 0.0214
Exploits: 0 | References: 3