122 matches found

OSV
added 2026/06/13 12:3 a.m. | 11 views

RLSA-2026:25057 Important: mod_http2 security update

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975). For more details about the security issues, including the impact, a...

CVSS 7.5 | AI score 5.3 | EPSS 0.10352
Exploits: 6 | References: 2
RedHat Linux
added 2026/06/11 10:46 a.m. | 12 views

Important: Red Hat Security Advisory: mod_http2 security update

An update for mod_http2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.5 | AI score 5.5 | EPSS 0.10352
Exploits: 6 | References: 2
OSV
added 2026/06/08 4:16 p.m. | 6 views

ALPINE-CVE-2026-49975

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

CVSS 7.5 | AI score 5.5 | EPSS 0.10352
Exploits: 6 | References: 1
Cvelist
added 2026/06/01 5:0 p.m. | 28 views

CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

CVSS 6.5 | EPSS 0.0027
Exploits: 0 | References: 6
ATTACKERKB
added 2026/05/27 7:49 p.m. | 8 views

CVE-2026-8359

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

CVSS 7.5 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 2
Debian CVE
added 2026/05/13 2:12 p.m. | 5 views

CVE-2026-40701

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...

CVSS 6.3 | AI score 5.8 | EPSS 0.00677
Exploits: 0
RedhatCVE
added 2026/05/12 5:37 p.m. | 8 views

CVE-2026-33006

A flaw was found in the mod_auth_digest module of httpd. A remote unauthenticated attacker can bypass digest authentication by measuring timing discrepancies of requests. This issue leads to unauthorized access to resources protected by digest authentication. Mitigation: Mitigation for this issue is...

CVSS 4.8 | AI score 5.7 | EPSS 0.00557
Exploits: 1 | References: 4
Github Security Blog
added 2026/05/11 6:31 a.m. | 17 views

bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

CVSS 6.3 | AI score 4.9 | EPSS 0.00389
Exploits: 0 | References: 11 | Affected Software: 1
OSV
added 2026/05/11 6:31 a.m. | 13 views

GHSA-JCQV-2G3V-GM88 bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

CVSS 6.3 | AI score 4.9 | EPSS 0.00389
Exploits: 0 | References: 10
ATTACKERKB
added 2026/05/11 5:15 a.m. | 12 views

CVE-2026-8276

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

CVSS 6.3 | AI score 5 | EPSS 0.00389
Exploits: 0 | References: 8
Vulnrichment
added 2026/05/11 5:15 a.m. | 9 views

CVE-2026-8276 bettercap MySQL Server mysql_server.go integer coercion

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

CVSS 6.3 | AI score 5 | EPSS 0.00389
Exploits: 0 | References: 8
Tenable Nessus
added 2026/05/11 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-8276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the...

CVSS 6.3 | AI score 4.6 | EPSS 0.00389
Exploits: 0 | References: 3
CNNVD
added 2026/04/29 12:0 a.m. | 7 views

Filesystem MCP Server path traversal vulnerability

The Filesystem MCP Server is a context-based protocol developed by Manan Sharma, which provides comprehensive access and manipulation of the file system. Version 1.0.0 of the Filesystem MCP Server contains a path traversal vulnerability. This vulnerability stems from improper handling of the...

CVSS 7.5 | AI score 7 | EPSS 0.0043
Exploits: 0 | References: 1
CNNVD
added 2026/04/26 12:0 a.m. | 7 views

Tenda F456 buffer error vulnerability

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer overflow vulnerability. This vulnerability stems from the improper handling of the page parameter in the frmL7ProtForm function of the goform/L7Prot component in the http...

CVSS 9 | AI score 7.8 | EPSS 0.00619
Exploits: 1 | References: 1
Fedora
added 2026/04/25 1:52 a.m. | 11 views

[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-7.fc44

NGINX module for Brotli compression...

CVSS 8.8 | AI score 8.7 | EPSS 0.07865
Exploits: 0
EUVD
added 2026/04/13 6:30 p.m. | 6 views

EUVD-2026-21990

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.7 | AI score 5.8 | EPSS 0.00938
Exploits: 0 | References: 2
NVD
added 2026/04/13 4:16 p.m. | 2 views

CVE-2026-30809

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

CVSS 8.8 | EPSS 0.00938
Exploits: 0 | References: 1
NVD
added 2026/04/06 5:16 a.m. | 5 views

CVE-2026-5619

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access...

CVSS 5.3 | EPSS 0.00694
Exploits: 0 | References: 4
CNNVD
added 2026/03/18 12:0 a.m. | 5 views

Portábilis i-Educar code injection vulnerability

Portábilis i-Educar is an application developed by Portábilis Corporation. It can conveniently assist you in basic and technical education. Version 2.11 of Portábilis i-Educar contains a code injection vulnerability. This vulnerability arises from improper handling of the Name parameter in the...

CVSS 5.1 | AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 4
CVE
added 2026/03/16 1:14 p.m. | 7 views

CVE-2025-10685

CVE-2025-10685 describes a heap-based buffer overflow in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT Webserver modules. Affected versions are SW-PN up to 1.03 and SW-HT up to 1.42. The issue is functionally a buffer overflow in the webserver components, with high impact...

CVSS 9.2 | AI score 6 | EPSS 0.00493
Exploits: 0 | References: 2