75 matches found

EUVD
added 2 days ago, 4 views

EUVD-2026-38344

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 3.7 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 1

Debian CVE
added 2 days ago, 10 views

CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 3.7 | AI score 5.8 | EPSS 0.00276
Exploits: 0

CVE
added 2 days ago, 21 views

CVE-2026-48931

CVE-2026-48931 describes a flaw in Node.js HTTP Agent where a client may treat a response as valid if it is sent before the client issues a request. Affected are all supported Node.js lines (22, 24, 26). The documented impact is low severity (CVSS v3.0 base score 3.7) with no confidentiality or a...

CVSS 3.7 | AI score 5.9 | EPSS 0.00276
Exploits: 0 | References: 3

CVE
added 2026/05/14 4:48 p.m., 13 views

CVE-2026-44516

Valtimo (versions 12.4.0–12.33.0 and 13.26.0) contains a vulnerability in the web module where the LoggingRestClientCustomizer intercepts outgoing HTTP calls via Spring RestClient and logs full request/response bodies and headers. When errors occur, this data can appear in HttpClientErrorExceptio...

CVSS 7.6 | AI score 5.8 | EPSS 0.002
Exploits: 0 | References: 1

CNNVD
added 2026/03/27 12:0 a.m., 6 views

elixir-nodejs race condition vulnerability

Elixir-nodejs is an open-source project by Revelry that serves as an Elixir API for calling Node.js functions. Versions of elixir-nodejs prior to 3.1.4 contained a race condition vulnerability. This vulnerability stemmed from race conditions in the working protocol, which led to the loss of...

CVSS 7.1 | AI score 5.8 | EPSS 0.00315
Exploits: 0 | References: 5

Packet Storm News
added 2026/03/03 12:0 a.m., 1 view

Multi-Agent Honeypot-Based Request-Response Context Dataset for Improved SQL Injection Detection Performance

SQL injection remains a major threat to web applications, as existing defenses often fail against obfuscation and evolving attacks because of neglecting the request-response context. This paper presents a context-enriched SQL injection detection framework, focusing on constructing a high-quality...

AI score 6
Exploits: 0

OpenVAS
added 2025/11/04 12:0 a.m., 4 views

Lighttpd 1.4.80 HTTP Request/Response Smuggling Vulnerability

Lighttpd is prone to an HTTP request/response smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 9.1 | AI score 6.7 | EPSS 0.00307
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2015-2260

Malware in sbrugna...

CVSS 4.9 | AI score 6.6 | EPSS 0.00534
Exploits: 0 | References: 27

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-31913

Malicious code in bioql PyPI...

CVSS 8.3 | AI score 6.6 | EPSS 0.00436
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-51294

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.5 | EPSS 0.00266
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-3324

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.4 | EPSS 0.00631
Exploits: 0 | References: 8

OSV
added 2025/09/05 6:15 p.m., 1 view

DEBIAN-CVE-2025-39726

In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ismcmd. The s390x ISM device data sheet clearly states that only one request-response sequence is allowable per ISM function at any point in time. Unfortunately as of today the s390/ism driv...

CVSS 4.7 | AI score 5.1 | EPSS 0.00102
Exploits: 0 | References: 1

ATTACKERKB
added 2025/09/05 5:27 p.m., 1 view

CVE-2025-39726

In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ismcmd. The s390x ISM device data sheet clearly states that only one request-response sequence is allowable per ISM function at any point in time. Unfortunately as of today the s390/ism driv...

CVSS 4.7 | AI score 5.9 | EPSS 0.00102
Exploits: 0 | References: 5 | Affected Software: 1

GitHub Security Blog
added 2025/03/27 6:1 p.m., 18 views

Pitchfork HTTP Request/Response Splitting vulnerability

Impact: HTTP Response Header Injection in Pitchfork Versions 0.11.0 when used in conjunction with Rack 3. Patches: The issue was fixed in Pitchfork release 0.11.0. Workarounds: There are no known workarounds. Users must upgrade...

CVSS 4.3 | AI score 7.2 | EPSS 0.0025
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2015-2756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial ...

CVSS 4.9 | AI score 7.3 | EPSS 0.00454
Exploits: 0 | References: 2

Cvelist
added 2025/01/27 4:4 p.m., 15 views

CVE-2023-47159 IBM Sterling File Gateway information disclosure

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses...

CVSS 4.3 | EPSS 0.00266
Exploits: 0 | References: 1

vulnersOsv
added 2025/01/14 10:4 p.m., 3 views

@chainsafe/lodestar (>=1.10.0-dev.00b94f3802 <=1.25.0-rc.0), @lodestar/beacon-node (>=1.10.0-dev.00b94f3802 <=1.25.0-rc.0) potentially affected by unknown CVE via @lodestar/reqresp (>=1.10.0-dev.a208afb45a <=1.25.0-rc.0)

@lodestar/reqresp NPM version =1.10.0-dev.a208afb45a, =1.10.0-dev.00b94f3802, =1.10.0-dev.00b94f3802, =1.25.0-rc.0 Source cves: unknown CVE Source advisory: OSV:GHSA-M9C9-MC2H-9WJW...

AI score 5.8
Exploits: 0

vulnersOsv
added 2025/01/14 10:3 p.m., 5 views

@chainsafe/lodestar (>=1.10.0-dev.00b94f3802 <=1.25.0-rc.0), @lodestar/beacon-node (>=1.10.0-dev.00b94f3802 <=1.25.0-rc.0) potentially affected by unknown CVE via @lodestar/reqresp (>=1.10.0-dev.a208afb45a <=1.25.0-rc.0)

@lodestar/reqresp NPM version =1.10.0-dev.a208afb45a, =1.10.0-dev.00b94f3802, =1.10.0-dev.00b94f3802, =1.25.0-rc.0 Source cves: unknown CVE Source advisory: OSV:GHSA-53RV-HCVM-RPP9...

AI score 5.8
Exploits: 0

RedHat Linux
added 2024/12/16 2:38 a.m., 18 views

Important: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 9.3 | AI score 6.8 | EPSS 0.05255
Exploits: 0 | References: 2

OSV
added 2024/12/05 7:6 a.m., 153 views

BIT-HAPROXY-2024-53008

Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive...

CVSS 5.3 | AI score 5 | EPSS 0.01043
Exploits: 0 | References: 7