CVE-2025-31951
Technical details for CVE-2025-31951 are not publicly available in the provided documents; no specifics on affected versions, root cause, or mitigations are included. Monitor for updates.
AlmaLinux 8 : nodejs:24 (ALSA-2026:7670)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7670 advisory. nodejs: Nodejs denial of service (CVE-2026-21637); minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996); undici: Undici:...
Siemens APE1808 Inconsistent Interpretation of HTTP Requests (CVE-2025-55018)
An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request...
CVE-2026-1525
Undici vulnerability CVE-2026-1525 affects undici.request() and undici.Client when headers are passed as flat arrays with case-variant names (e.g., Content-Length vs content-length). The issue is duplicate HTTP Content-Length headers in HTTP/1.1 requests, leading to malformed requests on the wire. ...
EUVD-2026-11688
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...
Security update for cpp-httplib (important)
openSUSE Security Update: Security update for cpp-httplib. Announcement ID: openSUSE-SU-2026:0007-1. Rating: important. References: 1245414, 1246468, 1246471. Cross-References: CVE-2025-52887, CVE-2025-53628, CVE-2025-53629. CVSS scores: CVE-2025-52887 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...
Low: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.4
Red Hat OpenShift Service Mesh 3.1.4, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application. Fixes/Improvements: Updated to Istio version...
GO-2025-4118 File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser
File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser...
PT-2026-6059
Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified). Description: An HTTP Request Smuggling issue exists in libsoup, an HTTP client/server library. The problem stems from non-RFC-compliant parsing within the soup filter input stream read line function,...
EUVD-2021-2157
Malware in sbrugna...
EUVD-2024-20841
Malicious code in bioql PyPI...
EUVD-2025-6969
Malicious code in bioql PyPI...
git-lfs security update
An update is available for git-lfs. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Git Large File Storage (LFS) replaces large files such as audio samples, video...
HTTP Request Smuggling
eventlet is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of HTTP trailer sections, which allows an attacker to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches...
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec (CVE-2025-58056, CVE-2025-55163, CVE-2025-58057).
Summary: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec (CVE-2025-58056, CVE-2025-55163, CVE-2025-58057). This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2025-55163. DESCRIPTION: Netty is an asynchronous, event-driven network...
Linux Distros Unpatched Vulnerability : CVE-2019-17559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to...
ALSA-2025:9623 Moderate: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/http:...
GHSA-93C7-7XQW-W357 Pingora has a Request Smuggling Vulnerability
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in...
ALSA-2025:9147 Moderate: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). For more details about the security issues, including the impact, a CVSS...