121669 matches found
CVE-2026-33953
LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...
CVE-2026-33939
Summary: CVE-2026-33939 affects Handlebars 4.0.0–4.7.8, where a template using decorator syntax referencing an unregistered decorator (e.g. {{*n}}) causes the runtime to call an undefined value as a function, leading to an unhandled TypeError and a potential single-request DoS. The issue is fixed...
DEBIAN-CVE-2026-33870
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
CVE-2026-33870
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
CVE-2026-31943
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...
CVE-2026-33870
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
UBUNTU-CVE-2026-34475
Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...
UBUNTU-CVE-2026-33870
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
GHSA-GJXX-92W9-8V8F Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host
Summary The clerkFrontendApiProxy function in @clerk/backend is vulnerable to Server-Side Request Forgery SSRF. An unauthenticated attacker can craft a request path that causes the proxy to send the application's Clerk-Secret-Key to an attacker-controlled server. Affected packages Only applicatio...
CVE-2026-33870
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
CVE-2026-33870
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
CVE-2026-33870
Netty HTTP request smuggling vulnerability (CVE-2026-33870) arises from how Netty versions prior to 4.1.132.Final and 4.2.10.Final parse quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. The IBM and OSS/Ecosystem advisories in the connected...
CVE-2026-4974
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-4974 Tenda AC7 POST Request SetSysTimeCfg fromSetSysTime memory corruption
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-4974
CVE-2026-4974 affects Tenda AC7 firmware version 15.03.06.44. The vulnerability is in the function fromSetSysTime of /goform/SetSysTimeCfg in the POST Request Handler, where manipulating the Time argument can cause a stack-based buffer overflow. This enables remote code execution over the network...
CVE-2026-31945
LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...
CVE-2026-31945 LibreChat Server-Side Request Forgery using DNS resolution
LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...