CVE-2026-48998

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

EUVD-2026-36239

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

CVE-2026-48998 guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

CVE-2026-48998

GuzzleHttp/psr7 (PHP) before version 2.10.2 is affected by improper Host header validation when parsing raw HTTP requests or deriving a server request URI from server variables. An attacker can supply a Host header containing URI delimiters (for example [email protected]) that can be r...

RLSA-2026:24371 Important: frr security update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fixes: frr: denial of service via crafted FlowSpec component CVE-2026-37457 For more details about the security issues, including the...

kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows

A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...

MAL-2026-5635 Malicious code in routing-controls (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 095efa733141879758b3a97acff66255dd2bc05143649513ab18b6597bf2dedb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in routing-controls (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 095efa733141879758b3a97acff66255dd2bc05143649513ab18b6597bf2dedb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows

A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...

CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

GHSA-3QMC-CJ7Q-62HV Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header

Summary AllowedHostsMiddleware trusts the X-Forwarded-Host header as a fallback when the Host header is absent. Since X-Forwarded-Host is a client-controllable header, an attacker can bypass the allowed hosts validation by omitting the Host header and supplying an X-Forwarded-Host header set to a...

SUSE-SU-2026:2332-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks bsc1263790. - CVE-2026-43037: ip6tunnel: clear skb2-cb in ip4ip6err bsc1263995. - CVE-2026-43206:...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks bsc126379...

[SECURITY] Fedora 43 Update: exim-4.99.4-1.fc43

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

PT-2026-48543

Summary AllowedHostsMiddleware trusts the X-Forwarded-Host header as a fallback when the Host header is absent. Since X-Forwarded-Host is a client-controllable header, an attacker can bypass the allowed hosts validation by omitting the Host header and supplying an X-Forwarded-Host header set to a...

PT-2026-48529

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

PT-2026-48501

CVE-2026-34908 is a CVSS 10.0 improper access control flaw in UniFi OS Server where nginx evaluates the raw request URI for authentication but routes using the normalized URI, allowing unauthenticated attackers to reach protected endpoints and chain into full root RCE...

CVE-2026-41727

Summary: Spring for Apache Kafka’s retry topic infrastructure does not adequately validate user-controlled header values, allowing a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify a message’s position in the retry sequen...

CVE-2026-41727 In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior

Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retrytopic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the...

CVE-2026-46287

A flaw was found in the Linux kernel's txgbe network driver. When removing a module for a copper Network Interface Card NIC with an external physical layer PHY, the driver failed to acquire the necessary RTNL Routing Netlink lock before disconnecting the PHY. This oversight can lead to an RTNL...