Apache Tomcat has an HTTP Request/Response Smuggling vulnerability

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...

EUVD-2026-21006

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...

GHSA-563X-Q5RQ-57QP Apache Tomcat has an HTTP Request/Response Smuggling vulnerability

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...

CVE-2026-35645

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privilege...

CVE-2026-35645

OpenClaw is affected by a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function, which uses a synthetic operator.admin runtime scope. OpenClaw versions before 2026.3.25 are vulnerable to triggering session deletion to execute privileged operations with ...

CVE-2026-35629

CVE-2026-35629 affects OpenClaw before version 2026.3.25. The issue is SSRF via unguarded configured base URLs in multiple channel extensions, where unprotected fetch() calls can rebinding requests to blocked internal destinations and access restricted resources. Impact per sources is limited to ...

CVE-2026-35618

OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized...

CVE-2026-40114

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhookurl in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An...

CVE-2026-40114 PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhookurl in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An...

CVE-2026-5979

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched...

CVE-2026-5981 D-Link DIR-605L POST Request formAdvFirewall buffer overflow

A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has...

CVE-2026-40107 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

CVE-2026-5980 D-Link DIR-605L POST Request formSetMACFilter buffer overflow

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit...

CVE-2026-5979 D-Link DIR-605L POST Request formVirtualServ buffer overflow

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched...

CVE-2026-5979 D-Link DIR-605L POST Request formVirtualServ buffer overflow

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched...

CVE-2026-5979

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched...

CVE-2026-5979

D-Link DIR-605L, firmware 2.13B01, has a vulnerability in the POST Request Handler’s function formVirtualServ. The bug arises from manipulating the curTime argument, causing a buffer overflow. This enables a remote attack, with the exploit publicly available, and affects devices no longer support...

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

undici: Undici: HTTP header injection and request smuggling vulnerability

A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the upgrade option of client.request. This is possible because undici does not...

Important: Red Hat Security Advisory: nodejs:24 security update

An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...