CVE-2026-50052

Affected products/versions: Vinyl Cache < 9.0.1 and Varnish Cache

EUVD-2026-34066

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

CVE-2026-10705

A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

CVE-2026-10703 EIPStackGroup OpENer SendRRData cipmessagerouter.c CreateMessageRouterRequestStructure use after free

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible...

PT-2026-46046

Name of the Vulnerable Software and Affected Versions OP-TEE versions 4.3.0 through 4.10.x Description A type confusion occurs in OP-TEE OS when processing an 'FFA MEM SHARE' request from the normal world. This issue specifically affects configurations where OP-TEE is set as a Secure Partition...

CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

PT-2026-45903

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

CVE-2026-36576

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

PT-2026-46097

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

Linux Distros Unpatched Vulnerability : CVE-2026-45882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: pm8916bmsvm: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registerin...

Linux Distros Unpatched Vulnerability : CVE-2026-50052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack...

CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

PT-2026-45999

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

PT-2026-46100

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

CVE-2026-36576

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

PT-2026-46010

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 "clk: divider: remove round rate in favor of determine rate" determining GFX3D clock rate crashes, because the passed parent map doesn't provide the...

EUVD-2026-34152

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers...